Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

by   Yisroel Mirsky, et al.

Neural networks have become an increasingly popular solution for network intrusion detection systems (NIDS). Their capability of learning complex patterns and behaviors make them a suitable solution for differentiating between normal traffic and network attacks. However, a drawback of neural networks is the amount of resources needed to train them. Many network gateways and routers devices, which could potentially host an NIDS, simply do not have the memory or processing power to train and sometimes even execute such models. More importantly, the existing neural network solutions are trained in a supervised manner. Meaning that an expert must label the network traffic and update the model manually from time to time. In this paper, we present Kitsune: a plug and play NIDS which can learn to detect attacks on the local network, without supervision, and in an efficient online manner. Kitsune's core algorithm (KitNET) uses an ensemble of neural networks called autoencoders to collectively differentiate between normal and abnormal traffic patterns. KitNET is supported by a feature extraction framework which efficiently tracks the patterns of every network channel. Our evaluations show that Kitsune can detect various attacks with a performance comparable to offline anomaly detectors, even on a Raspberry PI. This demonstrates that Kitsune can be a practical and economic NIDS.



There are no comments yet.


page 6

page 10

page 11

page 12

page 13


Enhancing Robustness Against Adversarial Examples in Network Intrusion Detection Systems

The increase of cyber attacks in both the numbers and varieties in recen...

SSIDS: Semi-Supervised Intrusion Detection System by Extending the Logical Analysis of Data

Prevention of cyber attacks on the critical network resources has become...

Vesper: Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs

The Man-in-the-Middle (MitM) attack is a cyber-attack in which an attack...

Intrusion Detection using Continuous Time Bayesian Networks

Intrusion detection systems (IDSs) fall into two high-level categories: ...

An Anomaly-based Multi-class Classifier for Network Intrusion Detection

Network intrusion detection systems (NIDS) are one of several solutions ...

HTTP2vec: Embedding of HTTP Requests for Detection of Anomalous Traffic

Hypertext transfer protocol (HTTP) is one of the most widely used protoc...

Characterization of Neural Networks Automatically Mapped on Automotive-grade Microcontrollers

Nowadays, Neural Networks represent a major expectation for the realizat...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.