Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses

Deep Nested Clustering Auto-Encoder for Anomaly-Based Network Intrusion Detection

Nguyen, VQ, Ngo, TL, Nguyen, LM, Nguyen, VH and Shone, N Deep Nested Clustering Auto-Encoder for Anomaly-Based Network Intrusion Detection. In: Proceedings 2023 RIVF International Conference on Computing and Communication Technologies (RIVF) . (2023 RIVF IEEE International Conference on Computing and Communication Technologies, 23-25th December 2023, Hanoi, Vietnam). (Accepted)

a50-quan final.pdf - Accepted Version

Download (336kB) | Preview


Anomaly-based intrusion detection system(AIDS) plays an increasingly important role in detecting complex,multi-stage network attacks, especially zero-day attacks. Although there have been improvements both in practical applications and the research environment, there are still many unresolved accuracy-related concerns. The two fundamental limitations that contribute to these concerns are: i) the succinct, concise, latent representation learning of the normal network data, and ii) the optimization volume of normal regions in latent space. Recent studies have suggested many ways to learn the latent representation of normal network data in a semi-supervised manner to construct AIDS. However, these approaches are still affected by the above limitations,mainly due to the inability to process high data dimensionality or ineffectively explore the underlying architecture of the data. In this paper, we propose a novel Deep Nested Clustering Auto Encoder (DNCAE ) model to thoroughly overcome the aforementioned difficulties and improve the performance o fnetwork attack detection. The proposed model consists of two nested Deep Auto-Encoders(DAE) to learn the informative and tighter data representation space. In addition, the DNCAE model integrates the clustering technique into the latent layer of the outer DAE to learn the optimal arrangement of datapoints in the latent space. This harmonious combination allows us to effectively deal with the limitations outlined. The performance of the proposed model is evaluated using standard datasets including NSL-KDD,UNSW-NB15, and six scenarios of CIC-IDS2017(Tuesday, Wednesday, Thursday-Morning, Friday-Morning, Friday-Afternoon Port Scan,Friday-Afternoon DDoS).The experimental results strongly confirm that the proposed model clearly out performs th baselines and the existing methods for network anomaly detection. IndexTerms—Latent Representation, DeepAuto-Encoder, Clustering, AnomalyDetection, Intrusion Detection System

Item Type: Conference or Workshop Item (Paper)
Additional Information: © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: Q Science > QA Mathematics
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science & Mathematics
Publisher: IEEE
SWORD Depositor: A Symplectic
Date Deposited: 08 Feb 2024 14:17
Last Modified: 08 Feb 2024 14:17
URI: https://researchonline.ljmu.ac.uk/id/eprint/22527
View Item View Item