CRND: An Unsupervised Learning Method to Detect Network Anomaly

Abstract

Network anomaly detection system (NADS) is one of the most important methods to maintain network system security. At present, network anomaly detection models based on deep learning have become a research hotspot in the area because of their advantage in processing high-dimensional data and excellent performance on detecting anomaly. However, most of the related research studies are based on supervised learning, which has strict requirements for dataset such as labels with high accuracy. However, there are some difficulties in obtaining a large amount of data with complete label message, thus seriously hindering the development and deployment of NADS based on DL. In this paper, we propose an unsupervised learning method to detect network anomaly, contrastive representation for network data (CRND). Based on contrastive learning, without label message, a qualified model is trained, providing more possibilities for the field. On CICIDS2018, the evaluation experiment proves that CRND can achieve 96.13% accuracy with only 200 items, and its F1-score reaches 0.96, which is far higher than that of other existing unsupervised learning methods. As fine-tuning is carried out, F1-score can reach a convergence level of 0.99, and the detection performance is the same as that of the detection model based on supervised learning.