Rémi Bouchayer, Jae-Yun Jun, H. Chaouchi, Philippe Millet
{"title":"改进自编码器入侵检测性能的距离函数研究","authors":"Rémi Bouchayer, Jae-Yun Jun, H. Chaouchi, Philippe Millet","doi":"10.1109/ICUFN57995.2023.10200629","DOIUrl":null,"url":null,"abstract":"Expectations of detection systems have risen with the increase in cyber-attacks. In order to detect the latest and future attacks, systems capable of detecting unknown attacks are needed. Among the various approaches offered by machine learning models, anomaly detection methods can address this need. It is possible to use the autoencoder to detect anomalies and therefore attacks. An autoencoder trained on data from normal use is able to detect attacks, unknown to the model. The attack detection is possible by observing the reconstruction error, which is the distance between the input and the reconstructed input resulting from the model. We considered different distance functions to improve the separation between attacks and normal events, and thus, to improve the performance of the autoencoder. We propose to use the cosine function of the angle formed between the actual input vector and the reconstructed input vector, as a distance function to address the problem of overlapping between normal events and attacks. In addition, we used Tree-structured Parzen Estimator algorithm for the optimization of the hyperparameters of the model. We ran our method on the NSL-KDD dataset and compared the obtained results to those of other methods that exist in the literature.","PeriodicalId":341881,"journal":{"name":"2023 Fourteenth International Conference on Ubiquitous and Future Networks (ICUFN)","volume":"11 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"In Search of Distance Functions That Improve Autoencoder Performance for Intrusion Detection\",\"authors\":\"Rémi Bouchayer, Jae-Yun Jun, H. Chaouchi, Philippe Millet\",\"doi\":\"10.1109/ICUFN57995.2023.10200629\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Expectations of detection systems have risen with the increase in cyber-attacks. In order to detect the latest and future attacks, systems capable of detecting unknown attacks are needed. Among the various approaches offered by machine learning models, anomaly detection methods can address this need. It is possible to use the autoencoder to detect anomalies and therefore attacks. An autoencoder trained on data from normal use is able to detect attacks, unknown to the model. The attack detection is possible by observing the reconstruction error, which is the distance between the input and the reconstructed input resulting from the model. We considered different distance functions to improve the separation between attacks and normal events, and thus, to improve the performance of the autoencoder. We propose to use the cosine function of the angle formed between the actual input vector and the reconstructed input vector, as a distance function to address the problem of overlapping between normal events and attacks. In addition, we used Tree-structured Parzen Estimator algorithm for the optimization of the hyperparameters of the model. We ran our method on the NSL-KDD dataset and compared the obtained results to those of other methods that exist in the literature.\",\"PeriodicalId\":341881,\"journal\":{\"name\":\"2023 Fourteenth International Conference on Ubiquitous and Future Networks (ICUFN)\",\"volume\":\"11 4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-07-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 Fourteenth International Conference on Ubiquitous and Future Networks (ICUFN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICUFN57995.2023.10200629\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 Fourteenth International Conference on Ubiquitous and Future Networks (ICUFN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICUFN57995.2023.10200629","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In Search of Distance Functions That Improve Autoencoder Performance for Intrusion Detection
Expectations of detection systems have risen with the increase in cyber-attacks. In order to detect the latest and future attacks, systems capable of detecting unknown attacks are needed. Among the various approaches offered by machine learning models, anomaly detection methods can address this need. It is possible to use the autoencoder to detect anomalies and therefore attacks. An autoencoder trained on data from normal use is able to detect attacks, unknown to the model. The attack detection is possible by observing the reconstruction error, which is the distance between the input and the reconstructed input resulting from the model. We considered different distance functions to improve the separation between attacks and normal events, and thus, to improve the performance of the autoencoder. We propose to use the cosine function of the angle formed between the actual input vector and the reconstructed input vector, as a distance function to address the problem of overlapping between normal events and attacks. In addition, we used Tree-structured Parzen Estimator algorithm for the optimization of the hyperparameters of the model. We ran our method on the NSL-KDD dataset and compared the obtained results to those of other methods that exist in the literature.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
