The rapid development of the Internet and the wide spread of its applications have affected many aspects of our lives. However, this development also makes cyberspace more vulnerable to various attacks. Thus, detecting and preventing these attacks is crucial for the further development of the Internet and its services. Recently, machine learning methods have been widely adopted for detecting network attacks. Among many machine learning methods, AutoEncoders (AEs) are known as state-of-the-art techniques for network anomaly detection. Although AEs have been successfully applied to detect many types of attacks, they are often unable to detect some difficult attacks that attempt to mimic normal network traffic. To handle this issue, we propose a new AutoEncoder-based model called Double-Shrink AutoEncoder (DSAE). DSAE puts more shrinkage on the normal data in the middle hidden layer. This helps to pull out some anomalies that are very similar to normal data. DSAE is evaluated on six well-known network attack datasets. The experimental results show that our model performs competitively with the state-of-the-art model, and often outperforms this model on the attack group that is difficult for previous methods.
The Dempster-Shafer (DS) theory of evidence is frequently used to combine multiple supervised machine learning models into a robust fusion-based model. However, using the DS theory to create a fusion model from multiple one-class classifications (OCCs) for network anomaly detection is a challenging task. First, the lack of attack data makes it difficult to estimate an appropriate threshold for the OCC models to distinguish between normal and abnormal samples. Second, it is also very challenging to find the weight of each OCC that corresponds to its contribution to the fusion model. In this paper, we attempt to solve the above issues in order to make the DS theory applicable for constructing OCC-based fusion models. Specifically, we propose two novel methods for automatically choosing the appropriate threshold of OCCs and for estimating the weight of individual OCCs in fusion-based models. Using these methods, we develop a One-class Fusion-based Anomaly Detection model (OFuseAD) from multiple single OCCs. The proposed model is evaluated on ten well-known network anomaly detection problems. The experimental results show that the performance of OFuseAD is improved on almost all tested datasets using two metrics: accuracy and F1-score. The visualization results provide insight into the characteristics of OFuseAD.