One-class Collective Anomaly Detection based on Long Short-Term Memory Recurrent Neural Networks

01/31/2018
by   Nga Nguyen Thi, et al.

Intrusion detection for computer network systems has become one of the most critical tasks for network administrators today. It plays an important role for organizations, governments and our society because of the valuable resources hosted on computer networks. Traditional misuse detection strategies are unable to detect new and unknown intrusion types. In contrast, anomaly detection in network security aims to distinguish between illegal or malicious events and the normal behavior of network systems. Anomaly detection can be considered a classification problem in which models of normal network behavior are built and then used to detect new patterns that significantly deviate from the model. Most current approaches to anomaly detection are based on learning normal behavior and anomalous actions. They do not include memory; that is, they do not take previous events into account when classifying new ones. In this paper, we propose a one-class collective anomaly detection model based on neural network learning. Normally a Long Short-Term Memory Recurrent Neural Network (LSTM RNN) is trained only on normal data, and it is capable of predicting several time steps ahead of an input. In our approach, an LSTM RNN is trained on normal time series data before performing a prediction for each time step. Instead of considering each time step separately, we propose observing the prediction errors from a certain number of time steps as a new idea for detecting collective anomalies. Prediction errors above a threshold for a certain number of the latest time steps indicate a collective anomaly. The model is evaluated on a time series version of the KDD 1999 dataset. The experiments demonstrate that the proposed model is capable of detecting collective anomalies efficiently.
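The decision rule described in the abstract, as an added example that is not the paper's code: an alert is raised only when enough of the latest prediction errors exceed a threshold, so a single outlier is not reported as a collective anomaly. The window length, hit count, the mean-plus-3-sigma threshold calibration, and the periodic profile standing in for the LSTM's predictions are all assumptions made for illustration.

```python
from collections import deque
from statistics import mean, pstdev

def calibrate_threshold(normal_errors, k_sigma=3.0):
    # Assumed calibration rule (not from the paper): mean + k_sigma * std
    # of prediction errors measured on held-out normal traffic.
    return mean(normal_errors) + k_sigma * pstdev(normal_errors)

def collective_alerts(actual, predicted, threshold, window=5, min_hits=4):
    """Return (point_hits, alert_runs).

    point_hits: time steps whose own prediction error exceeds the threshold.
    alert_runs: (first, last) runs of time steps at which at least min_hits
    of the latest `window` errors exceed the threshold (collective anomaly).
    """
    recent = deque(maxlen=window)      # exceedance flags of the latest steps
    point_hits, alert_runs = [], []
    for t, (a, p) in enumerate(zip(actual, predicted)):
        hit = abs(a - p) > threshold
        recent.append(hit)
        if hit:
            point_hits.append(t)
        if len(recent) == window and sum(recent) >= min_hits:
            if alert_runs and alert_runs[-1][1] == t - 1:
                alert_runs[-1] = (alert_runs[-1][0], t)   # extend current run
            else:
                alert_runs.append((t, t))                 # start a new run
    return point_hits, alert_runs

# Constructed data: a periodic "connections per interval" series. The
# repeating profile stands in for the predictions of a model trained on
# normal traffic only; an LSTM would supply `predicted` in practice.
PROFILE = [10, 12, 11, 13]
NOISE = [0, 1, -1, 0, 1, 0, -1, 1]

def build_demo(n=32):
    predicted = [PROFILE[t % 4] for t in range(n)]
    actual = [predicted[t] + NOISE[t % 8] for t in range(n)]
    actual[8] += 30                    # isolated spike (point anomaly)
    for t in range(20, 27):            # sustained burst (collective anomaly)
        actual[t] += 25
    return actual, predicted

THRESHOLD = calibrate_threshold([abs(x) for x in NOISE * 4])

if __name__ == "__main__":
    actual, predicted = build_demo()
    print(collective_alerts(actual, predicted, THRESHOLD))
```

On the constructed series the spike at step 8 exceeds the threshold on its own but raises no collective alert, while the burst triggers one from the fourth consecutive exceedance onward.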
