Cong Thanh Bui, V. Cao, Minh Hoang, Nguyen Quang Uy
2019 11th International Conference on Knowledge and Systems Engineering (KSE). Publication date: 2019-10-01. DOI: https://doi.org/10.1109/KSE.2019.8919446
A Clustering-based Shrink AutoEncoder for Detecting Anomalies in Intrusion Detection Systems
Detecting anomalies is an essential problem in many Intrusion Detection Systems (IDSs). This problem has received increasing attention from researchers and practitioners recently. Among the many approaches developed for detecting and preventing abnormal access to information systems, the Shrink AutoEncoder (SAE) is an appealing technique due to its simplicity of implementation and its effectiveness in detecting network attacks. However, this model has a potential drawback when applied to datasets that contain several clusters. The reason is that it attempts to compress all normal data samples into a single cluster in the hidden space of an AutoEncoder. In our research, we introduce a hybrid model that combines the K-means clustering algorithm with SAE to lessen the limitation of SAE in handling such datasets. Our model was tested on five popular IDS datasets, and the empirical outcomes show that it helps to improve the accuracy of SAE in detecting anomalies in datasets that can be divided into some smaller clusters.