A CNN-based Attack Classification versus an AE-based Unsupervised Anomaly Detection for Intrusion Detection Systems

Abstract

As the cyber threat landscape expands, attacks are becoming stealthier, faster and smarter. Traditional security techniques therefore become ineffective against polymorphic threats and zero-day attacks. Thus, research is increasingly oriented towards AI. Machine Learning (ML) quickly showed its limits due to the amount of data and the high dimensionality imposed by the Big Data era, and the workload on manual feature extraction. IDS based on ML has thus shown poor performance and Deep IDS based on ML has thus shown poor performance and Deep we propose traffic classification by a one-dimensional CNN and we propose traffic classification by a one-dimensional CNN and anomaly detection by a deep/stacked autoencoder (DAE). The evaluation of the proposed models show that the false alarm rate (FAR) and the false negative rate (FNR) are very low. Additionally, the DAE model works well against almost any attack. Finally, both models show high performance.