Autoencoder-based deep metric learning for network intrusion detection

作     者：Andresini, Giuseppina Appice, Annalisa Malerba, Donato 

作者机构：Univ Bari Aldo Moro Dept Informat Via Orabona 4 I-70125 Bari Italy Consorzio Interuniv Nazl Infomat CINI Rome Italy 

出 版 物：《INFORMATION SCIENCES》 (信息科学)

年 卷 期：2021年第569卷

页      面：706-727页

核心收录：

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：MIUR-Ministero dell'Istruzione dell'Universit a e della Ricerca [ARS01_01116] project "Modelli e tecniche di data science per la analisi di dati strutturati" - University of Bari "Aldo Moro" 

主　　题：Network intrusion detection Deep metric learning Triplet network Autoencoder 

摘      要：Nowadays intrusion detection systems are a mandatory weapon in the war against the ever-increasing amount of network cyber attacks. In this study we illustrate a new intrusion detection method that analyses the flow-based characteristics of the network traffic data. It learns an intrusion detection model by leveraging a deep metric learning methodology that originally combines autoencoders and Triplet networks. In the training stage, two separate autoencoders are trained on historical normal network flows and attacks, respectively. Then a Triplet network is trained to learn the embedding of the feature vector representation of network flows. This embedding moves each flow close to its reconstruction, restored with the autoencoder associated with the same class as the flow, and away from its reconstruction, restored with the autoencoder of the opposite class. The predictive stage assigns each new flow to the class associated with the autoencoder that restores the closest reconstruction of the flow in the embedding space. In this way, the predictive stage takes advantage of the embedding learned in the training stage, achieving a good prediction performance in the detection of new signs of malicious activities in the network traffic. In fact, the proposed methodology leads to better predictive accuracy when compared to competitive intrusion detection architectures on benchmark datasets. (c) 2021 Elsevier Inc. All rights reserved.