Intrusion Detection Method Using Unsupervised Learning-Based Embedding and Autoencoder


KIPS Transactions on Software and Data Engineering, Vol. 12, No. 8, pp. 355-364, Aug. 2023
https://doi.org/10.3745/KTSDE.2023.12.8.355
Keywords: Anomaly Detection, Unsupervised learning, Embedding Techniques, Autoencoder, Time-Series Data
Abstract

As advanced cyber threats have continued to increase in recent years, it has become difficult to detect new types of cyber attacks with existing pattern- or signature-based intrusion detection methods. Therefore, research on anomaly detection methods using data learning-based artificial intelligence technology is increasing. In addition, supervised learning-based anomaly detection methods are difficult to use in real environments because they require sufficient labeled data for learning. Research on unsupervised learning-based methods, which learn from normal data and detect anomalies by finding patterns in the data itself, has been actively conducted. Therefore, this study aims to extract a latent vector that preserves useful sequence information from sequence log data and to develop an anomaly detection learning model using the extracted latent vector. Word2Vec was used to create a dense vector representation corresponding to the characteristics of each sequence, and an unsupervised autoencoder was developed to extract latent vectors from the sequence data expressed as dense vectors. The autoencoder models developed were a denoising autoencoder based on the recurrent neural network GRU (Gated Recurrent Unit), which is suitable for sequence data; a one-dimensional convolutional neural network-based autoencoder, intended to solve the limited short-term memory problem that GRU can have; and an autoencoder combining GRU and one-dimensional convolution. The data used in the experiment is the time-series-based NGIDS (Next Generation IDS Dataset) data. In the experiment, the autoencoder that combines GRU and one-dimensional convolution performed better than the models using a GRU-based autoencoder or a one-dimensional convolution-based autoencoder. It was efficient in terms of the learning time needed to extract useful latent patterns from the training data, and it showed stable performance, with smaller fluctuations in anomaly detection performance.



Cite this article
[IEEE Style]
J. Lee and K. Kim, "Intrusion Detection Method Using Unsupervised Learning-Based Embedding and Autoencoder," KIPS Transactions on Software and Data Engineering, vol. 12, no. 8, pp. 355-364, 2023. DOI: https://doi.org/10.3745/KTSDE.2023.12.8.355.

[ACM Style]
Junwoo Lee and Kangseok Kim. 2023. Intrusion Detection Method Using Unsupervised Learning-Based Embedding and Autoencoder. KIPS Transactions on Software and Data Engineering, 12, 8, (2023), 355-364. DOI: https://doi.org/10.3745/KTSDE.2023.12.8.355.