Network Anomaly Detection Based on Deep Support Vector Data Description

Title: Network Anomaly Detection Based on Deep Support Vector Data Description
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Chen, X., Cao, C., Mai, J.
Conference Name: 2020 5th IEEE International Conference on Big Data Analytics (ICBDA)
Keywords: anomaly detection, Big Data, composability, convolutional neural nets, convolutional neural network, Data models, Deep Neural Network, deep support vector data description, Deep-SVDD, False Data Detection, feature extraction, intrusion detection system, KDD CUP99 dataset, malicious traffic detection system, network anomaly detection, network traffic anomaly detection, Neural networks, normal traffic features, Predictive Metrics, pubcrawl, representation learning, Resiliency, security of data, support data vector description, Support vector machines, telecommunication traffic, Training, unsupervised learning
Abstract: Intrusion detection system based on representation learning is the main research direction in the field of anomaly detection. Malicious traffic detection system can distinguish normal and malicious traffic by learning representations between normal and malicious traffic. However, under the context of big data, there are many types of malicious traffic, and the features are also changing constantly. It is still an urgent problem to design a detection model that can effectively learn and summarize the feature of normal traffic and accurately identify the features of new kinds of malicious traffic. In this paper, a malicious traffic detection method based on Deep Support Vector Data Description is proposed, which is called Deep-SVDD. We combine convolutional neural network (CNN) with support vector data description, and train the model with normal traffic. The normal traffic features are mapped to high-dimensional space through neural networks, and a compact hypersphere is trained by unsupervised learning, which includes the normal features of the high-dimensional space. Malicious traffic falls outside the hypersphere, thus distinguishing between normal and malicious traffic. Experiments show that the model has a high detection rate and a low false alarm rate, and it can effectively identify new malicious traffic.
Citation Key: chen_network_2020