Model fusion of deep neural networks for anomaly detection

Citation

AlDahoul, Nouar and Abdul Karim, Hezerul and Ba Wazir, Abdulaziz Saleh (2021) Model fusion of deep neural networks for anomaly detection. Journal of Big Data, 8. pp. 1-18. ISSN 2196-1115

[img] Text
Model fusion of deep neural networks for anomaly detection.pdf
Restricted to Repository staff only

Download (1MB)

Abstract

Network Anomaly Detection is still an open challenging task that aims to detect anomalous network traffic for security purposes. Usually, the network traffic data are large-scale and imbalanced. Additionally, they have noisy labels. This paper addresses the previous challenges and utilizes million-scale and highly imbalanced ZYELL’s dataset. We propose to train deep neural networks with class weight optimization to learn complex patterns from rare anomalies observed from the traffic data. This paper proposes a novel model fusion that combines two deep neural networks including binary normal/attack classifier and multi-attacks classifier. The proposed solution can detect various network attacks such as Distributed Denial of Service (DDOS), IP probing, PORT probing, and Network Mapper (NMAP) probing. The experiments conducted on a ZYELL’s real-world dataset show promising performance. It was found that the proposed approach outperformed the baseline model in terms of average macro Fβ score and false alarm rate by 17% and 5.3%, respectively.

Item Type: Article
Uncontrolled Keywords: Anomaly detection, Deep neural network, Highly imbalanced data, Model fusion, Class weight optimization
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines > QA75.5-76.95 Electronic computers. Computer science
Divisions: Faculty of Engineering (FOE)
Depositing User: Ms Nurul Iqtiani Ahmad
Date Deposited: 30 Aug 2021 10:59
Last Modified: 30 Aug 2021 10:59
URII: http://shdl.mmu.edu.my/id/eprint/9446

Downloads

Downloads per month over past year

View ItemEdit (login required)