Anomaly-based Intrusion Detection Using Auto-encoder

Abstract

Intrusion detection systems do not perform well when it comes to detecting new attacks. Therefore improving their performance in that regard is an active research topic. In this study, to detect unknown attacks with high accuracy, we have proposed an anomaly detection model based on auto-encoder. Generally speaking, the key factor that directly affects the accuracy of the proposed relevant anomaly detection models, is the threshold value estimation. For this reason, we propose an efficient anomaly detection model based on Auto-encoder and novel thresholding procedure, using training data reconstruction error percentiles and parameters fine-tuning, rather than the relevant state-of-the-art thresholding approaches in the current literature. The proposed method has been evaluated and compared to the widely used anomaly detection thresholding methods, on the KDDCUP'99 network traffic connections testing and training sets. Our experimental results have demonstrated that our method has outperformed the other methods, in term of classification performance, with amelioration of up to 7% of the Area Under the ROC Curve.