An intrusion detection method based on granular autoencoders

Intrusion detection systems have become one of the important tools for network security due to the frequent attacks brought about by the explosive growth of network traffic. Autoencoder is an unsupervised learning model with a neural network structure. It has a powerful feature learning capability and is effective in intrusion detection. However, its network construction suffers from overfitting and gradient disappearance problems. Traditional granular computing methods have advantages in solving such problems, but the process is relatively complex, the granularity dimension is high, and the computational cost is large, which is not suitable for application in intrusion detection systems. To address these problems, we propose a novel autoencoder: Granular AutoEncoders (GAE). The granulation reference set is constructed by random sampling. The granulation of training samples is based on single-feature similarity in a reference set to form granules. The granulation of multiple features results in granular vectors. Some operations of granules are defined. Furthermore, we propose some granular measures, including granular norms and granular loss functions. The GAE is further applied to the field of intrusion detection by designing an anomaly detection algorithm based on the GAE. The algorithm determines whether the network flows are anomalous by comparing the difference between an input granular vector and its output granular vector that is reconstructed by the GAE. Finally, some experiments are conducted using an intrusion detection dataset, comparing multiple metrics in terms of precision, recall, and F1-Score. The experimental results validate the correctness and effectiveness of the intrusion detection method based on GAE. And contrast experiments show that the proposed method has stronger ability for detecting anomalies than the correlation algorithms.