Deep Learning for Network Anomalies Detection

Abstract

Intrusion Detection Systems (IDS) provide substantial measures to protect networks assets. IDSs are software /hardware systems dedicated to exposing network threats. Signature-based, and anomalies detection are conventional approaches applied for the detection. Signaturebased approach inspects the network traffic for a predefined threats signature pattern. This technique suffers limitations in detecting unprecedented attacks. The anomalies detection systems deploy methods to separate the normal and abnormal network traffics. These methods experience inaccurate results, e.g., high false-positives and true- negative alarms. Anomalies detection adopted various methods, for instance, statistical methods, rule-based, and machine learning algorithms. The neural network is one of the machine learning algorithms utilized in intrusion detection, unfortunately, with discouraging accuracy results. Recently, breakthroughs in the neural network were achieved by training deeper neural networks. The approach is known as Deep Learning (DL), it proofed success in several applications domains, e.g., objects and voice recognition. However, there is a limitation on applying deep learning in outliers detection specifically, in network anomalies detection. In this paper, we are revisiting network anomaly detection to explore the potentials of DL for network threats detection . In our study, we focus on unsupervised learning DL algorithms. The study proposes a semi-supervised detection framework based on Unsupervised DL algorithms. The research explores the opportunities and challenges of applying DL to detect anomalies, primarily, autoencoders as a non-probabilistic algorithm. We provide an in-depth-analysis for AE for anomalies detection. Our results show the USDL would enhance detection with accuracy over 99%.