A Convolutional Autoencoder Based Method with SMOTE for Cyber Intrusion Detection

She, Xinyi; Sekiya, Yuji

doi:10.1109/bigdata52589.2021.9671663

Cited by 5 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, VGAEs are generative models allowing to instantiate synthetic latent representations resembling to the input graph. This may find interesting applications, particularly in fields of networking and cyber-security, such as data augmentation for improving cyber-attack detection and classification models [30].…”

Section: A Graph Auto-encodersmentioning

confidence: 99%

Self-Supervised Latent Representations of Network Flows and Application to Darknet Traffic Classification

et al. 2023

View full text Add to dashboard Cite

Characterizing network flows is essential for security operators to enhance their awareness about cyber-threats targeting their networks. The automation of network flow characterization with machine learning has received much attention in recent years. To this aim, raw network flows need to be transformed into structured and exploitable data. In this research work, we propose a method to encode raw network flows into robust latent representations exploitable in downstream tasks. First, raw network flows are transformed into graph-structured objects capturing their topological aspects (packet-wise transitional patterns) and features (used protocols, packets' flags, etc.). Then, using self-supervised learning techniques like Graph Auto-Encoders and Anonymous Walk Embeddings, each network flow graph is encoded into a latent representation that encapsulates both the structure of the graph and the features of its nodes, while minimizing information loss. This results in semantically-rich and robust representation vectors which can be manipulated by machine learning algorithms to perform downstream network-related tasks. To evaluate our network flow embedding models, we use probing flows captured with two /20 network telescopes and labeled using reports originating from different sources. The experimental results show that the proposed network flow embedding method allows for reliable darknet probing activity classification. Furthermore, a comparison between our self-supervised approach and a fullysupervised graph convolutional network shows that, in situations with limited labeled data, the downstream classification model that uses the derived latent representations as inputs outperforms the fully-supervised graph convolutional network. There are many applications of this research work in cybersecurity, such as network flow clustering, attack detection and prediction, malware detection, vulnerability exploit analysis, and inference of attacker's intentions.

show abstract

Section: A Graph Auto-encodersmentioning

confidence: 99%

Self-Supervised Latent Representations of Network Flows and Application to Darknet Traffic Classification

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Many examples of using autoencoders have been reported in studies on anomaly detection tasks [5,6,7], where the autoencoders are a type of neural network consisting of an encoder and a decoder for dimensionality compression and restoration, respectively. Therefore, this study developed a model based on an autoencoder.…”

Section: Introductionmentioning

confidence: 99%

Evaluation of HTTP Request Anomaly Detection Model Using fastText and Convolutional Autoencoder

Yamada,

Kawahara

2024

IEICE Commun. Express

View full text Add to dashboard Cite

With the advent of the Internet and its close connection to people's lives, web applications have become increasingly important. To ensure that the web application is secure, a web application firewall (WAF) detects and stops attacks that exploit application vulnerabilities in communication with server applications. However, these firewalls require continuous tuning by experts with in-depth knowledge of the technologies and services provided, which may become a major obstacle to the introduction of WAF. To resolve this problem, we developed two autoencoder-based models based on an unsupervised learning model that uses only normal requests, considering the implementation and operation costs. We then evaluated the performance of the two autoencoder-based models. The first model converts a hypertext transfer protocol (HTTP) request into ASCII codes and learns their relationship in a normal request using an autoencoder. The second model generates an array of word vectors using fastText and learns using a convolutional autoencoder, which solves the problem identified in the performance evaluation of the first model where the problem was that the simple conversion to ASCII codes was not enough to distinguish between normal and anomalous requests. The two models were evaluated using the HTTP DATASET CSIC2010 dataset. The AUC for the second model was approximately 0.94 while that for the first model was approximately 0.71. This means that the second model has higher accuracy despite being an unsupervised approach, one that does not require labeled anomalous requests, and can be applied with low costs.

show abstract

Intrusion Detection Method for Networked Vehicles Based on Data-Enhanced DBN

Duan,

Cui,

Jia

et al. 2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

A Convolutional Autoencoder Based Method with SMOTE for Cyber Intrusion Detection

Cited by 5 publications

References 8 publications

Self-Supervised Latent Representations of Network Flows and Application to Darknet Traffic Classification

Self-Supervised Latent Representations of Network Flows and Application to Darknet Traffic Classification

Evaluation of HTTP Request Anomaly Detection Model Using fastText and Convolutional Autoencoder

Intrusion Detection Method for Networked Vehicles Based on Data-Enhanced DBN

Contact Info

Product

Resources

About