An Improved Live Anomaly Detection System (I-LADS) based on Deep Learning Algorithms

Gustavo Gonzalez-Granadillo, Alejandro Bedoya, Rodrigo Diaz

2021

Abstract

Network anomaly detection is an open issue that considers the problem of finding patterns in data that do not conform to expected behavior. Anomalies exhibit themselves in network statistics differently; therefore, developing general models of normal network behavior and anomalies is a challenging task. This paper presents an Improved Live Anomaly Detection System (I-LADS) based on the AutoEncoder (AE), a well-known deep learning algorithm, to detect network traffic anomalies. I-LADS comes in two versions: (i) I-LADS-v1, which uses filters to independently model IP addresses from the NetFlow dataset, making it possible to train one model for each filtered IP address; and (ii) I-LADS-v2, which uses no filter, so a single algorithm is trained for all IP addresses. Experiments have been conducted using a valid dataset containing over two million connections to build a model with multiple features in order to identify the approach that most accurately detects traffic anomalies in the target network. Preliminary results show a promising solution with 99% and 94% accuracy for the supervised and unsupervised learning approaches, respectively.


Paper Citation


in Harvard Style

Gonzalez-Granadillo G., Bedoya A. and Diaz R. (2021). An Improved Live Anomaly Detection System (I-LADS) based on Deep Learning Algorithms. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 568-575. DOI: 10.5220/0010573705680575


in Bibtex Style

@conference{secrypt21,
author={Gustavo Gonzalez-Granadillo and Alejandro Bedoya and Rodrigo Diaz},
title={An Improved Live Anomaly Detection System (I-LADS) based on Deep Learning Algorithms},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={568-575},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010573705680575},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - An Improved Live Anomaly Detection System (I-LADS) based on Deep Learning Algorithms
SN - 978-989-758-524-1
AU - Gonzalez-Granadillo G.
AU - Bedoya A.
AU - Diaz R.
PY - 2021
SP - 568
EP - 575
DO - 10.5220/0010573705680575