Network Intrusion Detection
25 papers with code • 4 benchmarks • 6 datasets
Network intrusion detection is the task of monitoring network traffic to and from all devices on a network in order to detect computer attacks.
Evaluating Shallow and Deep Neural Networks for Network Intrusion Detection Systems in Cyber Security
In this paper, DNNs have been utilized to predict the attacks on Network Intrusion Detection System (N-IDS).
Instead of representation learning, our method fulfills an end-to-end learning of anomaly scores by a neural deviation learning, in which we leverage a few (e.g., multiple to dozens) labeled anomalies and a prior probability to enforce statistically significant deviations of the anomaly scores of anomalies from that of normal data objects in the upper tail.
In this paper, we present Kitsune: a plug and play NIDS which can learn to detect attacks on the local network, without supervision, and in an efficient online manner.
This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats.
However, existing unsupervised representation learning methods mainly focus on preserving the data regularity information and learning the representations independently of subsequent outlier detection methods, which can result in suboptimal and unstable performance of detecting irregularities (i.e., outliers).
Synthesis of a Machine Learning Model for Detecting Computer Attacks Based on the CICIDS2017 Dataset
The conclusion was made that it is possible to use machine learning methods to detect computer attacks taking into account these limitations.
In this paper, we propose a deep joint representation learning framework for anomaly detection through a dual autoencoder (AnomalyDAE), which captures the complex interactions between network structure and node attribute for high-quality embeddings.
From the identification of a drawback in the Isolation Forest (IF) algorithm that limits its use in the scope of anomaly detection, we propose two extensions that allow to firstly overcome the previously mentioned limitation and secondly to provide it with some supervised learning capability.
We show empirically that the adversarial examples generated by these attack strategies are quite different from genuine points, as no detectability constraints are considered to craft the attack.