A survey of deep learning-based network anomaly detection

Published: 01 January 2019

Abstract

A great deal of attention has been given to deep learning over the past several years, and new deep learning techniques are emerging with improved functionality. Many computer and network applications actively utilize such deep learning algorithms and report enhanced performance through them. In this study, we present an overview of deep learning methodologies, including the restricted Boltzmann machine-based deep belief network, deep neural network, and recurrent neural network, as well as the machine learning techniques relevant to network anomaly detection. In addition, this article introduces the latest work that employs deep learning techniques, with a focus on network anomaly detection, through an extensive literature survey. We also discuss our local experiments showing the feasibility of the deep learning approach to network traffic analysis.

Published In

Cluster Computing, Volume 22, Issue 1
Jan 2019
2608 pages

Publisher

Kluwer Academic Publishers
United States

Author Tags

1. Network anomaly detection
2. Deep learning
3. Network traffic analysis
4. Intrusion detection
5. Network security

Qualifiers

• Research-article

Cited By

• (2024) Deep learning trends and future perspectives of web security and vulnerabilities. Journal of High Speed Networks. 10.3233/JHS-230037. 30:1 (115-146). Online publication date: 1-Jan-2024
• (2024) Active Learning for Data Quality Control: A Survey. Journal of Data and Information Quality. 10.1145/3663369. 16:2 (1-45). Online publication date: 11-May-2024
• (2024) XAI-driven Adversarial Attacks on Network Intrusion Detectors. Proceedings of the 2024 European Interdisciplinary Cybersecurity Conference. 10.1145/3655693.3655714 (65-73). Online publication date: 5-Jun-2024
• (2024) FlexNN: Efficient and Adaptive DNN Inference on Memory-Constrained Edge Devices. Proceedings of the 30th Annual International Conference on Mobile Computing and Networking. 10.1145/3636534.3649391 (709-723). Online publication date: 29-May-2024
• (2024) ENIDS: A Deep Learning-Based Ensemble Framework for Network Intrusion Detection Systems. IEEE Transactions on Network and Service Management. 10.1109/TNSM.2024.3414305. 21:5 (5809-5825). Online publication date: 1-Oct-2024
• (2024) Efficient Dynamic Distributed Resource Slicing in 6G Multi-Access Edge Computing Networks With Online ADMM and Message Passing Graph Neural Networks. IEEE Transactions on Mobile Computing. 10.1109/TMC.2023.3262514. 23:4 (2614-2638). Online publication date: 1-Apr-2024
• (2024) SLA$^2$P: Self-Supervised Anomaly Detection With Adversarial Perturbation. IEEE Transactions on Knowledge and Data Engineering. 10.1109/TKDE.2024.3448473. 36:12 (9282-9293). Online publication date: 1-Dec-2024
• (2024) A cloud‐based hybrid intrusion detection framework using XGBoost and ADASYN‐Augmented random forest for IoMT. IET Communications. 10.1049/cmu2.12833. 18:19 (1371-1390). Online publication date: 1-Dec-2024
• (2024) HEOD. Computers and Security. 10.1016/j.cose.2024.104040. 146:C. Online publication date: 1-Nov-2024
• (2024) MTS-DVGAN. Computers and Security. 10.1016/j.cose.2023.103570. 139:C. Online publication date: 16-May-2024
