Unsupervised learning approach for network intrusion detection system using autoencoders

Hyunseung Choi, Mintae Kim, Gyubok Lee, Wooju Kim

Research output: Contribution to journalArticle

Abstract

Network intrusion detection systems are useful tools that support system administrators in detecting various types of intrusions and play an important role in monitoring and analyzing network traffic. In particular, anomaly detection-based network intrusion detection systems are widely used and are mainly implemented in two ways: (1) a supervised learning approach trained using labeled data and (2) an unsupervised learning approach trained using unlabeled data. Most studies related to intrusion detection systems focus on supervised learning. However, the process of acquiring labeled data is expensive, requiring manual labeling by network experts. Therefore, it is worthwhile investigating the development of unsupervised learning approaches for intrusion detection systems. In this study, we developed a network intrusion detection system using an unsupervised learning algorithm autoencoder and verified its performance. As our results show, our model achieved an accuracy of 91.70%, which outperforms previous studies that achieved 80% accuracy using cluster analysis algorithms. Our results provide a practical guideline for developing network intrusion detection systems based on autoencoders and significantly contribute to the exploration of unsupervised learning techniques for various network intrusion detection systems.

Original languageEnglish
JournalJournal of Supercomputing
DOIs
Publication statusPublished - 2019 Jan 1

Fingerprint

Network Intrusion Detection
Unsupervised learning
Unsupervised Learning
Intrusion detection
Supervised learning
Supervised Learning
Intrusion Detection
Cluster analysis
Anomaly Detection
Tool Support
Labeling
Learning algorithms
Cluster Analysis
Network Traffic
Learning Algorithm
Monitoring

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Information Systems
  • Hardware and Architecture

Cite this

@article{993a61e95ea141df8d179a9ede7ae769,
title = "Unsupervised learning approach for network intrusion detection system using autoencoders",
abstract = "Network intrusion detection systems are useful tools that support system administrators in detecting various types of intrusions and play an important role in monitoring and analyzing network traffic. In particular, anomaly detection-based network intrusion detection systems are widely used and are mainly implemented in two ways: (1) a supervised learning approach trained using labeled data and (2) an unsupervised learning approach trained using unlabeled data. Most studies related to intrusion detection systems focus on supervised learning. However, the process of acquiring labeled data is expensive, requiring manual labeling by network experts. Therefore, it is worthwhile investigating the development of unsupervised learning approaches for intrusion detection systems. In this study, we developed a network intrusion detection system using an unsupervised learning algorithm autoencoder and verified its performance. As our results show, our model achieved an accuracy of 91.70{\%}, which outperforms previous studies that achieved 80{\%} accuracy using cluster analysis algorithms. Our results provide a practical guideline for developing network intrusion detection systems based on autoencoders and significantly contribute to the exploration of unsupervised learning techniques for various network intrusion detection systems.",
author = "Hyunseung Choi and Mintae Kim and Gyubok Lee and Wooju Kim",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/s11227-019-02805-w",
language = "English",
journal = "Journal of Supercomputing",
issn = "0920-8542",
publisher = "Springer Netherlands",

}

Unsupervised learning approach for network intrusion detection system using autoencoders. / Choi, Hyunseung; Kim, Mintae; Lee, Gyubok; Kim, Wooju.

In: Journal of Supercomputing, 01.01.2019.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Unsupervised learning approach for network intrusion detection system using autoencoders

AU - Choi, Hyunseung

AU - Kim, Mintae

AU - Lee, Gyubok

AU - Kim, Wooju

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Network intrusion detection systems are useful tools that support system administrators in detecting various types of intrusions and play an important role in monitoring and analyzing network traffic. In particular, anomaly detection-based network intrusion detection systems are widely used and are mainly implemented in two ways: (1) a supervised learning approach trained using labeled data and (2) an unsupervised learning approach trained using unlabeled data. Most studies related to intrusion detection systems focus on supervised learning. However, the process of acquiring labeled data is expensive, requiring manual labeling by network experts. Therefore, it is worthwhile investigating the development of unsupervised learning approaches for intrusion detection systems. In this study, we developed a network intrusion detection system using an unsupervised learning algorithm autoencoder and verified its performance. As our results show, our model achieved an accuracy of 91.70%, which outperforms previous studies that achieved 80% accuracy using cluster analysis algorithms. Our results provide a practical guideline for developing network intrusion detection systems based on autoencoders and significantly contribute to the exploration of unsupervised learning techniques for various network intrusion detection systems.

AB - Network intrusion detection systems are useful tools that support system administrators in detecting various types of intrusions and play an important role in monitoring and analyzing network traffic. In particular, anomaly detection-based network intrusion detection systems are widely used and are mainly implemented in two ways: (1) a supervised learning approach trained using labeled data and (2) an unsupervised learning approach trained using unlabeled data. Most studies related to intrusion detection systems focus on supervised learning. However, the process of acquiring labeled data is expensive, requiring manual labeling by network experts. Therefore, it is worthwhile investigating the development of unsupervised learning approaches for intrusion detection systems. In this study, we developed a network intrusion detection system using an unsupervised learning algorithm autoencoder and verified its performance. As our results show, our model achieved an accuracy of 91.70%, which outperforms previous studies that achieved 80% accuracy using cluster analysis algorithms. Our results provide a practical guideline for developing network intrusion detection systems based on autoencoders and significantly contribute to the exploration of unsupervised learning techniques for various network intrusion detection systems.

UR - http://www.scopus.com/inward/record.url?scp=85062778855&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85062778855&partnerID=8YFLogxK

U2 - 10.1007/s11227-019-02805-w

DO - 10.1007/s11227-019-02805-w

M3 - Article

JO - Journal of Supercomputing

JF - Journal of Supercomputing

SN - 0920-8542

ER -