An Empirical Evaluation of Deep Learning for Network Anomaly Detection (Conference Paper)

abstract

  • © 2018 IEEE. Deep learning has been given a great deal of attention with its success story in many areas such as image analysis and speech recognition. In particular, deep learning is good at dealing with high-dimensional data exhibiting non-linearity. Our preliminary study reveals a very high degree of non-linearity from network traffic data, which explains why it is hard to improve the detection accuracy by using conventional machine learning techniques (e.g., SVM, Random Forest, Adaboosting). In this study, we empirically evaluate deep learning to see its feasibility for network anomaly detection. We examine a set of deep learning models constructed based on the Fully Connected Network (FCN), Variational AutoEncoder (VAE), and Long Short-Term Memory with Sequence to Sequence (LSTM Seq2Seq) structures, with two public traffic data sets that have distinctive properties with respect to the distribution of normal and attack populations. Our experimental results confirm the potential of deep learning models for network anomaly detection, and the model based on the LSTM Seq2Seq structure shows a highly promising performance, yielding 99% of binary classification accuracy on the public data sets.

author list (cited authors)

  • Malaiya, R. K., Kwon, D., Kim, J., Suh, S. C., Kim, H., & Kim, I.

citation count

  • 19

publication date

  • March 2018

publisher