One-class Collective Anomaly Detection based on Long Short-Term Memory Recurrent Neural Networks

by   Nga Nguyen Thi, et al.

Intrusion detection for computer network systems has been becoming one of the most critical tasks for network administrators today. It has an important role for organizations, governments and our society due to the valuable resources hosted on computer networks. Traditional misuse detection strategies are unable to detect new and unknown intrusion types. In contrast, anomaly detection in network security aims to distinguish between illegal or malicious events and normal behavior of network systems. Anomaly detection can be considered as a classification problem where it builds models of normal network behavior, of which it uses to detect new patterns that significantly deviate from the model. Most of the current approaches on anomaly detection is based on the learning of normal behavior and anomalous actions. They do not include memory that is they do not take into account previous events classify new ones. In this paper, we propose a one class collective anomaly detection model based on neural network learning. Normally a Long Short Term Memory Recurrent Neural Network (LSTM RNN) is trained only on normal data, and it is capable of predicting several time steps ahead of an input. In our approach, a LSTM RNN is trained on normal time series data before performing a prediction for each time step. Instead of considering each time-step separately, the observation of prediction errors from a certain number of time-steps is now proposed as a new idea for detecting collective anomalies. The prediction errors of a certain number of the latest time-steps above a threshold will indicate a collective anomaly. The model is evaluated on a time series version of the KDD 1999 dataset. The experiments demonstrate that the proposed model is capable to detect collective anomaly efficiently



page 1

page 2

page 3

page 4


A Combination of Temporal Sequence Learning and Data Description for Anomaly-based NIDS

Through continuous observation and modeling of normal behavior in networ...

Using a Neural Network to Detect Anomalies given an N-gram Profile

In order to detect unknown intrusions and runtime errors of computer pro...

Network Traffic Anomaly Detection Using Recurrent Neural Networks

We show that a recurrent neural network is able to learn a model to repr...

Collective anomaly detection in High-dimensional VAR Models

There is increasing interest in detecting collective anomalies: potentia...

Tiresias: Predicting Security Events Through Deep Learning

With the increased complexity of modern computer attacks, there is a nee...

Detecting Spacecraft Anomalies Using LSTMs and Nonparametric Dynamic Thresholding

As spacecraft send back increasing amounts of telemetry data, improved a...

DistAD: Software Anomaly Detection Based on Execution Trace Distribution

Modern software systems have become increasingly complex, which makes th...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.