Deep Anomaly Detection with Deviation Networks

 GuansongPang/deviation-network •  • 19 Nov 2019

Instead of representation learning, our method fulfills an end-to-end learning of anomaly scores by a neural deviation learning, in which we leverage a few (e. g., multiple to dozens) labeled anomalies and a prior probability to enforce statistically significant deviations of the anomaly scores of anomalies from that of normal data objects in the upper tail.

Evaluating Shallow and Deep Neural Networks for Network Intrusion Detection Systems in Cyber Security

 rahulvigneswaran/Intrusion-Detection-Systems • International Conference on Computing, Communication and Networking Technologies (ICCCNT) 2018

In this paper, DNNs have been utilized to predict the attacks on Network Intrusion Detection System (N-IDS).

Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

 ymirsky/KitNET-py • 25 Feb 2018

In this paper, we present Kitsune: a plug and play NIDS which can learn to detect attacks on the local network, without supervision, and in an efficient online manner.

Learning Representations of Ultrahigh-dimensional Data for Random Distance-based Outlier Detection

 xuhongzuo/DeepOD •  • 13 Jun 2018

However, existing unsupervised representation learning methods mainly focus on preserving the data regularity information and learning the representations independently of subsequent outlier detection methods, which can result in suboptimal and unstable performance of detecting irregularities (i. e., outliers).

AnomalyDAE: Dual autoencoder for anomaly detection on attributed networks

 haoyfan/AnomalyDAE •  • 10 Feb 2020

In this paper, we propose a deep joint representation learning framework for anomaly detection through a dual autoencoder (AnomalyDAE), which captures the complex interactions between network structure and node attribute for high-quality embeddings.

A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems

 AbertayMachineLearningGroup/network-threats-taxonomy • 9 Jun 2018

This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats.

Synthesis of a Machine Learning Model for Detecting Computer Attacks Based on the CICIDS2017 Dataset

 fisher85/ml-cybersecurity • Proceedings of the Institute for System Programming of RAS 2020

The conclusion was made that it is possible to use machine learning methods to detect computer attacks taking into account these limitations.

E-GraphSAGE: A Graph Neural Network based Intrusion Detection System for IoT

 waimorris/E-GraphSAGE •  • 30 Mar 2021

This paper presents a new Network Intrusion Detection System (NIDS) based on Graph Neural Networks (GNNs).

Hybrid Isolation Forest - Application to Intrusion Detection

 pfmarteau/HIF • 10 May 2017

From the identification of a drawback in the Isolation Forest (IF) algorithm that limits its use in the scope of anomaly detection, we propose two extensions that allow to firstly overcome the previously mention limitation and secondly to provide it with some supervised learning capability.

Detection of Adversarial Training Examples in Poisoning Attacks through Anomaly Detection

 lmunoz-gonzalez/Poisoning-Attacks-with-Back-gradient-Optimization • 8 Feb 2018

We show empirically that the adversarial examples generated by these attack strategies are quite different from genuine points, as no detectability constrains are considered to craft the attack.

Benchmarking datasets for Anomaly-based Network Intrusion Detection: KDD CUP 99 alternatives

 Saurabh2805/kdd_cup_99 • 13 Nov 2018

Applying the SMOTE oversampling technique and random undersampling, we create a balanced version of NSL-KDD and prove that skewed target classes in KDD-99 and NSL-KDD hamper the efficacy of classifiers on minority classes (U2R and R2L), leading to possible security risks.

Sparse Bayesian approach for metric learning in latent space

 GT-Davood/SBML • Knowledge-Based Systems 2019

Also, the present work is extended for learning in the feature space induced by an RKHS kernel.

LuNet: A Deep Neural Network for Network Intrusion Detection

 mhwong2007/LuNet •  • 22 Sep 2019

Our experiments on two network traffic datasets show that compared to the state-of-the-art network intrusion detection techniques, LuNet not only offers a high level of detection capability but also has a much low rate of false positive-alarm.

Evaluating and Improving Adversarial Robustness of Machine Learning-Based Network Intrusion Detectors

 dongtsi/TrafficManipulator •  • 15 May 2020

Many adversarial attacks have been proposed to evaluate the robustness of ML-based NIDSs.

Efficient Deep CNN-BiLSTM Model for Network Intrusion Detection

 razor08/Efficient-CNN-BiLSTM-for-Network-IDS • 26 Jun 2020

Pattern matching methods usually have a high False Positive Rates whereas the AI/ML based method, relies on finding metric/feature or correlation between set of metrics/features to predict the possibility of an attack.

EagerNet: Early Predictions of Neural Networks for Computationally Efficient Intrusion Detection

 CN-TU/ids-backdoor • 27 Jul 2020

Fully Connected Neural Networks (FCNNs) have been the core of most state-of-the-art Machine Learning (ML) applications in recent years and also have been widely used for Intrusion Detection Systems (IDSs).

Enhancing Robustness Against Adversarial Examples in Network Intrusion Detection Systems

 s-mohammad-hashemi/repo •  • 9 Aug 2020

Our evaluation conducted on a dataset with a variety of network attacks shows denoising autoencoders can improve detection of malicious traffic by up to 29% in a normal setting and by up to 45% in an adversarial setting compared to other recently proposed anomaly detectors.

Self-Organizing Map assisted Deep Autoencoding Gaussian Mixture Model for Intrusion Detection

 ajaychawda58/SOM_DAGMM •  • 28 Aug 2020

In this paper, we propose a self-organizing map assisted deep autoencoding Gaussian mixture model (SOMDAGMM) supplemented with well-preserved input space topology for more accurate network intrusion detection.

Intrusion Detection with Segmented Federated Learning for Large-Scale Multiple LANs

 yuweisunn/segmented-FL •  • International Joint Conference on Neural Networks (IJCNN) 2020

In this research, a segmented federated learning is proposed, different from a collaborative learning based on single global model in a traditional federated learning model, it keeps multiple global models which allow each segment of participants to conduct collaborative learning separately and rearranges the segmentation of participants dynamically as well.

Adaptive Intrusion Detection in the Networking of Large-Scale LANs with Segmented Federated Learning

 yuweisunn/segmented-FL •  • IEEE Open Journal of the Communications Society (Conference version: IJCNN) 2020

We propose Segmented-Federated Learning (Segmented-FL), where by employing periodic local model evaluation and network segmentation, we aim to bring similar network environments to the same group.

Edge-Detect: Edge-centric Network Intrusion Detection using Deep Neural Network

 racsa-lab/EDD •  • 3 Feb 2021

Our results demonstrate that in comparison to conventional DLM techniques, our model maintains a high testing accuracy of 99% even with lower resource utilization in terms of cpu and memory.

A flow-based IDS using Machine Learning in eBPF

 CN-TU/machine-learning-in-ebpf • 19 Feb 2021

eBPF is a new technology which allows dynamically loading pieces of code into the Linux kernel.

Unveiling the potential of Graph Neural Networks for robust Intrusion Detection

 BNN-UPC/GNN-NIDS •  • 30 Jul 2021

To this end, we use a graph representation that keeps flow records and their relationships, and propose a novel Graph Neural Network (GNN) model tailored to process and learn from such graph-structured information.

Bridging the gap to real-world for network intrusion detection systems with data-centric approach

 c2dc/ab-trap • 25 Oct 2021

Most research using machine learning (ML) for network intrusion detection systems (NIDS) uses well-established datasets such as KDD-CUP99, NSL-KDD, UNSW-NB15, and CICIDS-2017.

The Cross-evaluation of Machine Learning-based Network Intrusion Detection Systems

 pajola/xenids • 9 Mar 2022

By using XeNIDS on six well-known datasets, we demonstrate the concealed potential, but also the risks, of cross-evaluations of ML-NIDS.

Representation Learning for Content-Sensitive Anomaly Detection in Industrial Networks

 dreizehnutters/pcapae •  • 20 Apr 2022

Using a convGRU-based autoencoder, this thesis proposes a framework to learn spatial-temporal aspects of raw network traffic in an unsupervised and protocol-agnostic manner.

AnoShift: A Distribution Shift Benchmark for Unsupervised Anomaly Detection

 bit-ml/anoshift •  • 30 Jun 2022

Analyzing the distribution shift of data is a growing research direction in nowadays Machine Learning (ML), leading to emerging new benchmarks that focus on providing a suitable scenario for studying the generalization properties of ML models.

An Intrusion Detection System based on Deep Belief Networks

 othmbela/dbn-based-nids •  • 5 Jul 2022

The CICIDS2017 dataset was used to train and evaluate the performance of our proposed DBN approach.

Anomal-E: A Self-Supervised Network Intrusion Detection System based on Graph Neural Networks

 waimorris/Anomal-E •  • 14 Jul 2022

This paper investigates Graph Neural Networks (GNNs) application for self-supervised network intrusion and anomaly detection.

Separating Flows in Encrypted Tunnel Traffic

 e389-cnpub/separatingflows • IEEE International Conference on Machine Learning and Applications 2022

In this paper, we show that it is indeed possible to separate packets belonging to different flows purely from patterns observed in the interleaved packet sequence.

Synthesis of Adversarial DDOS Attacks Using Tabular Generative Adversarial Networks

 abdelmageed95/Synthesis-of-Adversarial-DDos-Attacks-Using-Tabular-Generative-Adversarial-Networks • 14 Dec 2022

Network Intrusion Detection Systems (NIDS) are tools or software that are widely used to maintain the computer networks and information systems keeping them secure and preventing malicious traffics from penetrating into them, as they flag when somebody is trying to break into the system.

A Novel Multi-Stage Approach for Hierarchical Intrusion Detection

 mverkerk/multi-stage-hierarchical-ids • IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT 2023

An intrusion detection system (IDS), traditionally an example of an effective security monitoring system, is facing significant challenges due to the ongoing digitization of our modern society.

TSI-GAN: Unsupervised Time Series Anomaly Detection using Convolutional Cycle-Consistent Generative Adversarial Networks

 labsaint/tsi-gan • 22 Mar 2023

To achieve these goals, we convert each input time-series into a sequence of 2D images using two encoding techniques with the intent of capturing temporal patterns and various types of deviance.

SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection

 hihey54/pragmaticassessment • 30 Apr 2023

Unfortunately, the value of ML for NID depends on a plethora of factors, such as hardware, that are often neglected in scientific literature.