Abstract

Network Anomaly Detection (NAD) has become the foundation for network management and security due to the rapid development and adoption of edge computing technologies. There are two main characteristics of NAD tasks: tabular input data and imbalanced classes. Tabular input data format means NAD tasks take both sparse categorical features and dense numerical features as input. In order to achieve good performance, the detection model needs to handle both types of features efficiently. Among all widely used models, Gradient Boosting Decision Tree (GBDT) and Neural Network (NN) are the two most popular ones. However, each method has its limitation: GBDT is inefficient when dealing with sparse categorical features, while NN cannot yield satisfactory performance for dense numerical features. Imbalanced classes may downgrade the classifier’s performance and cause biased results towards the majority classes, often neglected by many exiting NAD studies. Most of the existing solutions addressing imbalance suffer from poor performance, high computational consumption, or loss of vital information under such a scenario. In this paper, we propose an adaptive ensemble-based method, named GTF, which combines TabTransformer and GBDT to leverage categorical and numerical features effectively and introduces Focal Loss to mitigate the imbalance classification. Our comprehensive experiments on two public datasets demonstrate that GTF can outperform other well-known methods in both multiclass and binary cases. Our implementation also shows that GTF has limited complexity, making it be a good candidate for deployment at the network edge.

Highlights

  • In the past few decades, the Internet of ings (IoT) and cloud services have penetrated many aspects of our lives and served quantities of applications, for example, automated vehicles, medical applications, industrial IoT, and cloud data centers [1,2,3,4]. ese emerging applications have shown considerable potential in improving the quality of life and network services

  • Similar scenarios exist in other realworld applications, such as credit fraud detection [23] and medical diagnosis [24], but we focus on the Network Anomaly Detection (NAD) task at the network edge in this paper

  • We propose a novel method for the NAD task, called GTF, an ensemble of Gradient Boosting Decision Tree (GBDT) and TabTransformer enhanced with Focal Loss

Read more

Summary

Introduction

In the past few decades, the Internet of ings (IoT) and cloud services have penetrated many aspects of our lives and served quantities of applications, for example, automated vehicles, medical applications, industrial IoT, and cloud data centers [1,2,3,4]. ese emerging applications have shown considerable potential in improving the quality of life and network services. In the past few decades, the Internet of ings (IoT) and cloud services have penetrated many aspects of our lives and served quantities of applications, for example, automated vehicles, medical applications, industrial IoT, and cloud data centers [1,2,3,4]. Ese emerging applications have shown considerable potential in improving the quality of life and network services. The proliferation of these new technologies has led to an increasing trend of cyberspace attacks and other threats, making security concerns still hamper IoT adoption. Network security is a critical concern in our daily lives and business operations. With the prevalent application of artificial intelligence, machine learning (ML), especially deep learning (DL), has attracted much attention in edge computing and cloud computing [6,7,8,9,10], due to its advantages in discovering

Objectives
Methods
Results
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
DeepGBM
Guolin Ke ... Zhenhui Xu
-
Guolin Ke, et. al.Guolin Ke ... Zhenhui Xu
25 Jul 2019
Hybrid Model for Network Anomaly Detection with Gradient Boosting Decision Trees and Tabtransformer
Xinyue Xu ... Xiaolu Zheng
-
Xinyue Xu, et. al.Xinyue Xu ... Xiaolu Zheng
06 Jun 2021
Robust-GBDT: Leveraging Robust Loss for Noisy and Imbalanced Classification with GBDT
Jiaqi Luo ... Yuedong Quan
-
Jiaqi Luo, et. al.Jiaqi Luo ... Yuedong Quan
23 Jul 2024
SAINTENS: Self-Attention and Intersample Attention Transformer for Digital Biomarker Development Using Tabular Healthcare Real World Data
Julian Gutheil ... Klaus Donsa
-
Julian Gutheil, et. al.Julian Gutheil ... Klaus Donsa
16 May 2022
View more papers

More From: Security and Communication Networks

Paper Title
Journal
Date
Author
HMMED: A Multimodal Model with Separate Head and Payload Processing for Malicious Encrypted Traffic Detection
Peng Xiao ... Zhenhong Zhang
Security and Communication Networks | VOL. -
Peng Xiao, et. al.Peng Xiao ... Zhenhong Zhang
30 May 2024
A Robust Coverless Image Steganography Algorithm Based on Image Retrieval with SURF Features
Fan Li ... Chenyang Liu
Security and Communication Networks | VOL. 2024
Fan Li, et. al.Fan Li ... Chenyang Liu
18 May 2024
Effective and Efficient Android Malware Detection and Category Classification Using the Enhanced KronoDroid Dataset
Mudassar Waheed ... Sana Qadir
Security and Communication Networks | VOL. 2024
Mudassar Waheed, et. al.Mudassar Waheed ... Sana Qadir
08 Apr 2024
Securing the Transmission While Enhancing the Reliability of Communication Using Network Coding in Block-Wise Transfer of CoAP
Mohammed D Halloush
Security and Communication Networks | VOL. 2024
Mohammed D HalloushMohammed D Halloush
28 Mar 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.