Feature Transfer Based Network Anomaly Detection

  • Conference paper
Science of Cyber Security (SciSec 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13580)

Abstract

Network anomaly detection techniques can identify potential attacks from network traffic, but their detection accuracy has been less than ideal. One important reason is that, in real network traffic, different kinds of data have highly similar characteristics, so models misclassify samples whose characteristics are very similar. Such samples account for the majority of misclassifications. Accordingly, this paper proposes a feature transfer based neural network anomaly detection algorithm, which (theoretically) achieves complete detection of anomalous data, covering both known and unknown attacks, by transferring the range of features common to highly similar normal and abnormal data to the range of anomalous data features. Since the algorithm's effectiveness depends on the feature variability of the normal data samples, and it is not easy to obtain a pair of normal data samples with completely different features, this paper uses only one kind of normal data sample with good consistency. The experimental framework is built on the Transformer model, and the experiment is run for 50 iterations. The Corrected validation set from the KDD99 dataset is used to validate the model training effect. The experiments show that, relative to the original model, the error rate decreases by 1.38% on average after using this algorithm, the specificity of unknown attacks increases by 27.9% on average, and the number of attack categories with more than 90% specificity of unknown attacks increases from one to six.

Author information

Correspondence to Kun Wen.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Chen, T., Wen, K. (2022). Feature Transfer Based Network Anomaly Detection. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_10

  • DOI: https://doi.org/10.1007/978-3-031-17551-0_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17550-3

  • Online ISBN: 978-3-031-17551-0

  • eBook Packages: Computer Science (R0)
