Network Anomaly Detection With Temporal Convolutional Network and U-Net Model

Abstract

Anomaly detection in network traffic is one of the key techniques to ensure security in future networks. Today, the importance of this topic is even higher, since the network traffic is growing and there is a need to have smart algorithms, which can automatically adapt to new network conditions, detect threats and recognize the type of the possible network attack. Nowadays, there are a lot of different approaches, some of them have reached relatively sufficient accuracy. However, the majority of works are being tested on old datasets, which do not reflect current network conditions and it leads to overfitted results. This is caused by high redundancy of the data and because they fail to reflect the performance of the latest methods in the real-world anomaly detection applications. In this work, we applied a couple of new methods based on convolutional neural networks: U-Net based and Temporal convolutional network based for network attack classification. We trained and evaluated methods on the old dataset KDD99 and the modern large-scale one CSE-CIC-IDS2018. According to results, Temporal convolutional network with LSTM has achieved accuracy 92% and 97% on the KDD99 and the CSE-CIC-IDS2018 respectively, the U-Net model has accuracy 93% and 94% on the KDD99 and the CSE-CIC-IDS2018 respectively. Additionally, we utilized the focal loss function in the Temporal convolutional network with Long Short-Term Memory model, which has positive effect on class imbalance in time-series data. We showed, that the Temporal convolutional network in combination with Long Short-Term Memory network and U-Net model can give higher accuracy compared to other network architectures for network traffic classification. In this work we also proved, that methods trained on the old dataset can easily overfit during training and achieve relatively good results on the testing set, but at the same time, these methods are not so successful on more complex and actual data.Anomaly detection in network traffic is one of the key techniques to ensure security in future networks. Today, the importance of this topic is even higher, since the network traffic is growing and there is a need to have smart algorithms, which can automatically adapt to new network conditions, detect threats and recognize the type of the possible network attack. Nowadays, there are a lot of different approaches, some of them have reached relatively sufficient accuracy. However, the majority of works are being tested on old datasets, which do not reflect current network conditions and it leads to overfitted results. This is caused by high redundancy of the data and because they fail to reflect the performance of the latest methods in the real-world anomaly detection applications. In this work, we applied a couple of new methods based on convolutional neural networks: U-Net based and Temporal convolutional network based for network attack classification. We trained and evaluated methods on the old dataset KDD99 and the modern large-scale one CSE-CIC-IDS2018. According to results, Temporal convolutional network with LSTM has achieved accuracy 92% and 97% on the KDD99 and the CSE-CIC-IDS2018 respectively, the U-Net model has accuracy 93% and 94% on the KDD99 and the CSE-CIC-IDS2018 respectively. Additionally, we utilized the focal loss function in the Temporal convolutional network with Long Short-Term Memory model, which has positive effect on class imbalance in time-series data. We showed, that the Temporal convolutional network in combination with Long Short-Term Memory network and U-Net model can give higher accuracy compared to other network architectures for network traffic classification. In this work we also proved, that methods trained on the old dataset can easily overfit during training and achieve relatively good results on the testing set, but at the same time, these methods are not so successful on more complex and actual data.