Sylvester, Joshua, de Lemos, Rogério (2024) Identifying novelty in network traffic. In: 2024 IEEE International Conference on Cyber Security and Resilience (CSR). 2024 IEEE International Conference on Cyber Security and Resilience (CSR). 27. pp. 506-511. IEEE ISBN 979-8-3503-7537-4. E-ISBN 979-8-3503-7536-7. (doi:10.1109/csr61664.2024.10679382) (KAR id:107246)
PDF
Author's Accepted Manuscript
Language: English
Official URL: https://doi.org/10.1109/csr61664.2024.10679382
Abstract
In a typical Security Operations Centre (SOC), detection methods for malicious transactions are usually resource intensive, requiring a large team to monitor traffic, which is not ideal for efficient and effective decisions. This paper presents the MAE-NAE FRAMEWORK, consisting of two autoencoders and an adjudicator, which is fast and accurate, but not resource intensive. One autoencoder is trained on malicious data, while the other is trained on normal data. The adjudicator classifies transactions into malicious, normal or novel, depending on the confidence level. Although autoencoders are widely used for novelty detection, they have not been used to identify novelty in network traffic, which is the key goal of the MAE-NAE FRAMEWORK. This allows the provision of a triage system that identifies as novel those transactions for which the confidence level in classifying them as either normal or malicious is low. For evaluating the MAE-NAE FRAMEWORK, we have used the KDDCUP99 benchmark dataset with a simple linear adjudicator. The MAE-NAE FRAMEWORK can classify 94.73% of data as normal or malicious, leaving 5.27% of the transactions as novel. We have compared our solution against various solutions within the literature, and the MAE-NAE FRAMEWORK is more effective in classifying transactions.
Item Type: | Conference or workshop item (Paper) |
---|---|
DOI/Identification number: | 10.1109/csr61664.2024.10679382 |
Additional information: | © 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works |
Uncontrolled keywords: | intrusion detection; novelty detection; KDDCUP99; autoencoders |
Subjects: | Q Science > Q Science (General) > Q335 Artificial intelligence |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Joshua Sylvester |
Date Deposited: | 16 Sep 2024 14:59 UTC |
Last Modified: | 24 Mar 2025 15:46 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/107246 (The current URI for this page, for reference purposes) |