Skip to main content

Exploring Hidden Anomalies in UGR’16 Network Dataset with Kitsune

  • Conference paper
  • First Online:
Flexible Query Answering Systems (FQAS 2023)


Given the significant increase in cyberattacks and attempts to gain unauthorized access to systems and information, Network Intrusion Detection Systems (NIDS) have become essential tools for their detection. Anomaly-based systems apply machine learning techniques with the goal of being able to distinguish between normal and abnormal traffic. To this end, they use training datasets that have been previously labeled, which allow them to learn how to detect anomalies in future data. This work tests Kitsune, one of the state-of-the-art NIDS based on an ensemble of Autoencoders. To do so, four experimental scenarios have been implemented using the UGR’16 dataset. The results obtained not only validate Kitsune as a reliable reference anomaly detector although is very sensitive to poisoned data, but also reveal new and potential anomalous behaviors that have not been identified until to date.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


  1. 1.

    KitNET link:


  1. De la Hoz, E., De la Hoz, E.M., Ortiz, A., Ortega, J.: Modelo de detección de intrusiones en sistemas de red, realizando selección de características con FDR y entrenamiento y clasificación con SOM. Revista INGE CUC 8, 85–116 (2012)

    Google Scholar 

  2. Othman, S.M., Alsohybe, N.T., Ba-Alwi, F.M., Zahary, A.T.: Survey on intrusion detection system types. Int. J. Cyber-Secur. Digital Forensics 7(4), 444–463 (2018)

    Google Scholar 

  3. Liao, H.-J., Richard Lin, C.-H., Lin, Y.-C., Tung, K.-Y.: Intrusion detection system: a comprehensive review. J. Network Comput. Appl. 36(1), 16–24 (2013)

    Article  Google Scholar 

  4. Thottan, M., Liu, G., Ji, C.: Anomaly detection approaches for communication networks. Algorithms for Next Generation Networks, pp. 239–261 (2010)

    Google Scholar 

  5. Patcha, A., Park, J.-M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007)

    Article  Google Scholar 

  6. Fernandes, G., Rodrigues, J.J.P.C., Carvalho, L.F., Al-Muhtadi, J.F., Proença, M.L.: A comprehensive survey on network anomaly detection. Telecommun. Syst. 70(3), 447–489 (2019)

    Article  Google Scholar 

  7. Ahmed, M., Naser Mahmood, A., Hu, J.: A survey of network anomaly detection techniques. J. Network Comput. Appl. 60, 19–31 (2016)

    Article  Google Scholar 

  8. Shyu, M.-L., Chen, S.-C., Sarinnapakorn, K., Chang, L.: A novel anomaly detection scheme based on principal component classifier. In: Proceedings of International Conference on Data Mining (2003)

    Google Scholar 

  9. Swarnkar, M., Hubballi, N.: OCPAD: One class Naive Bayes classifier for payload based anomaly detection. Expert Syst. Appl. 64, 330–339 (2016)

    Article  Google Scholar 

  10. Wang, H., Gu, J., Wang, S.: An effective intrusion detection framework based on SVM with feature augmentation. Knowl.-Based Syst. 136, 130–139 (2017)

    Article  Google Scholar 

  11. Kwon, D., Kim, H., Kim, J., Suh, S.C., Kim, I., Kim, K.J.: A survey of deep learning-based network anomaly detection. Clust. Comput. 22(1), 949–961 (2019)

    Article  Google Scholar 

  12. Naseer, S., Saleem, Y., Khalid, S., Bashir, M.K., Han, J., Iqbal, M.M., Han, K.: Enhanced network anomaly detection based on deep neural networks. IEEE Access 6, 48 231–248 (2018). 246, 2018, conference Name: IEEE Access

    Google Scholar 

  13. Aygun, R.C., Yavuz, A.G.: Network anomaly detection with stochastically improved autoencoder based models. In: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 193–198, June 2017

    Google Scholar 

  14. Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A.: Kitsune: an ensemble of autoencoders for online network intrusion detection. In: Network and Distributed System Security Symposium (2018)

    Google Scholar 

  15. Yilmaz, I., Masum, R.: Expansion of cyber attack data from unbalanced datasets using generative techniques. arXiv preprint arXiv:1912.04549 (2019)

  16. Yasin, S.M.A.: Anomaly-based network intrusion detection system using deep neural networks (anids-dnn), Ph.D. dissertation, Al-Quds University (2023)

    Google Scholar 

  17. Yilmaz, I., Masum, R., Siraj, A.: Addressing imbalanced data problem with generative adversarial network for intrusion detection. In: 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI), pp. 25–30. IEEE (2020)

    Google Scholar 

  18. Maciá-Fernández, G., Camacho, J., Magán-Carrión, R., García-Teodoro, P., Therón, R.: Ugr ‘16: a new dataset for the evaluation of cyclostationarity-based network idss. Comput. Secur. 73, 411–424 (2018)

    Article  Google Scholar 

  19. García Fuentes, M.N.: Multivariate Statistical Network Monitoring for Network Security based on Principal Component Analysis. Universidad de Granada, 2021, accepted: 2021–04-14T08:40:39Z. [Online].

  20. Magán-Carrión, R., Urda, D., Díaz-Cano, I., Dorronsoro, B.: Towards a reliable comparison and evaluation of network intrusion detection systems based on machine learning approaches. Appl. Sci. 10(5), 1775 (2020)

    Article  Google Scholar 

  21. Camacho, J., Maciá-Fernández, G., Díaz-Verdejo, J., García-Teodoro: Tackling the big data 4 vs for anomaly detection. In: 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 500–505 (2014)

    Google Scholar 

  22. Camacho, J.: “FCParser.” (2017)

  23. Powers, D.M.: Evaluation: from precision, recall and f-measure to roc, informedness, markedness and correlation (2020). arXiv preprint arXiv:2010.16061

Download references


This work has been partially funded by the SICRAC (PID2020-114495RB-I00) and ANIMaLICoS (PID2020-113462RB-I00) projects of the Spanish Ministry of Science, Innovation and Universities and the PPJIA2022-51 and PPJIA2022-52 projects from the University of Granada’s own funding plan.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Joaquín Gaspar Medina-Arco .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Medina-Arco, J.G., Magán-Carrión, R., Rodríguez-Gómez, R.A. (2023). Exploring Hidden Anomalies in UGR’16 Network Dataset with Kitsune. In: Larsen, H.L., Martin-Bautista, M.J., Ruiz, M.D., Andreasen, T., Bordogna, G., De Tré, G. (eds) Flexible Query Answering Systems. FQAS 2023. Lecture Notes in Computer Science(), vol 14113. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42934-7

  • Online ISBN: 978-3-031-42935-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics