SG-RSRNN - Score Guided Robust Subspace Recovery-based Neural Network for Network Intrusion Detection

Published: 01 Jan 2024, Last Modified: 30 Sept 2024, IJCNN 2024, CC BY-SA 4.0
Abstract: The current era of ubiquitous Internet connectivity has made network security a vital concern. A robust and safe network environment is crucial to protect users from malicious activities. Intrusion detection techniques play a valuable role in safeguarding IT infrastructure from malicious actors. Research teams have developed methods to identify patterns in network traffic that deviate from normal or expected behaviors, often considered outliers or anomalies. Network-based anomaly detection techniques can construct behavioral models to detect anomalous or suspicious activities in the network by leveraging machine learning approaches. Autoencoders are widely used in network anomaly detection models, utilizing reconstruction errors to identify attacks accurately. However, these models primarily rely on reconstruction errors, which might miss anomalies if the model learns to recreate the anomalous traffic precisely; adapting to reconstruct anomalous traffic could render the autoencoders ineffective in such cases. Moreover, the presence of both normal and abnormal samples within the data can obscure the identification of anomalies, particularly those residing in the transitional zones between data distributions. Introducing regularization methods can enforce robustness against anomalies, encouraging the model to learn fundamental underlying regularities capable of improving the distinction between normal and abnormal data. This work incorporates a special regularization method into the latent space of an autoencoder to enforce an anomaly-robust structure. A scoring neural network is then used to improve the detection capabilities in the data transition zone by amplifying the differences between normal and abnormal data. The experimental results on relevant datasets show our proposal outperforms strong competitors in detecting anomalies in network traffic data.