{"title":"An Unsupervised Network Anomaly Detection Model and Implementation","authors":"Yingdan Zhang, Kun Wen, Xingyu Wang","doi":"10.1145/3611450.3611468","DOIUrl":null,"url":null,"abstract":"Anomaly detection for network attacks has always been a very important part of intrusion detection. The current research focus is anomaly detection based on deep learning, which has two main problems. One is the lack of a large amount of labeled data in model training, and the other is difficult to detect unknown network attacks or variant attacks. To solve the above problems, an unsupervised anomaly detection model is constructed in this paper. The automatic encoder is used to learn normal traffic characteristics and detect abnormal traffic. Meanwhile, time correlation features and hierarchical clustering algorithm are used for data preprocessing to reduce time and space complexity, so as to further improve the efficiency of model detection. Due to the serious lack of verification data sets for unsupervised anomaly detection, this paper collects and organizes a large amount of data and designs four types of network attack data, including new attack means, worms, system vulnerabilities and botnets. 
The experimental results showed that the detection accuracy of worms and system vulnerabilities reached 98%, the detection accuracy of botnets reached 89%, and the attacks of the new OriginLogger software were detected.","PeriodicalId":289906,"journal":{"name":"Proceedings of the 2023 3rd International Conference on Artificial Intelligence, Automation and Algorithms","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 3rd International Conference on Artificial Intelligence, Automation and Algorithms","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3611450.3611468","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Anomaly detection for network attacks has always been a very important part of intrusion detection. Current research focuses on anomaly detection based on deep learning, which has two main problems: model training lacks large amounts of labeled data, and unknown or variant network attacks are difficult to detect. To address these problems, this paper constructs an unsupervised anomaly detection model. An autoencoder is used to learn the characteristics of normal traffic and to detect abnormal traffic. Time correlation features and a hierarchical clustering algorithm are used for data preprocessing to reduce time and space complexity, further improving the efficiency of model detection. Because verification data sets for unsupervised anomaly detection are seriously lacking, this paper collects and organizes a large amount of data and designs four types of network attack data: new attack means, worms, system vulnerabilities and botnets. The experimental results showed that the detection accuracy for worms and system vulnerabilities reached 98%, the detection accuracy for botnets reached 89%, and attacks by the new OriginLogger software were detected.