Sylvester, Joshua, de Lemos, Rogério (2024) Identifying novelty in network traffic. In: International conference on cyber security and resilience (IEEE CSR 2024), 02-05 Sep 2024, London, UK. (In press) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:107246)
PDF (Pre-print). Language: English. Restricted to Repository staff only.
Abstract
In a typical Security Operations Centre (SOC), detection methods for malicious transactions are usually resource intensive, requiring a large team to monitor traffic, which is not ideal for efficient and effective decisions. This paper presents the MAE-NAE FRAMEWORK, consisting of two autoencoders and an adjudicator, which is fast and accurate, but not resource intensive. One autoencoder is trained on malicious data, while the other is trained on normal data. The adjudicator classifies transactions into malicious, normal or novel, depending on the confidence level. Although autoencoders are widely used for novelty detection, they have not been used to identify novelty in network traffic, which is the key goal of the MAE-NAE FRAMEWORK. This allows the provision of a triage system that identifies transactions as novel for which the confidence level in classifying as either normal or malicious is low. For evaluating the MAE-NAE FRAMEWORK, we have used the KDDCUP99 benchmark dataset with a simple linear adjudicator. The MAE-NAE FRAMEWORK can classify 94.73% of data as normal or malicious, leaving 5.27% of the transactions as novel. We have compared our solution against various solutions within the literature, and the MAE-NAE FRAMEWORK is more effective in classifying transactions.
Item Type: | Conference or workshop item (Paper) |
---|---|
Uncontrolled keywords: | intrusion detection; novelty detection; KDDCUP99; autoencoders |
Subjects: | Q Science > Q Science (General) > Q335 Artificial intelligence |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Joshua Sylvester |
Date Deposited: | 16 Sep 2024 14:59 UTC |
Last Modified: | 17 Sep 2024 08:32 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/107246 (The current URI for this page, for reference purposes) |