Affiliation:
1. Software and Information Systems Engineering, Ben-Gurion University, Beer Sheva P.O. Box 653, Israel
Abstract
Machine learning-based Network Intrusion Detection Systems (NIDS) are designed to protect networks by identifying anomalous behaviors or improper uses. In recent years, advanced attacks, such as those mimicking legitimate traffic, have been developed to avoid alerting such systems. Previous works mainly focused on improving the anomaly detector itself, whereas in this paper, we introduce a novel method, Test-Time Augmentation for Network Anomaly Detection (TTANAD), which utilizes test-time augmentation to enhance anomaly detection from the data side. TTANAD leverages the temporal characteristics of traffic data and produces temporal test-time augmentations on the monitored traffic data. This method aims to create additional points of view when examining network traffic during inference, making it suitable for a variety of anomaly detector algorithms. Our experimental results demonstrate that TTANAD outperforms the baseline in all benchmark datasets and with all examined anomaly detection algorithms, according to the Area Under the Receiver Operating Characteristic (AUC) metric.
Subject
General Physics and Astronomy
Reference45 articles.
1. A hybrid malicious code detection method based on deep learning;Li;Int. J. Secur. Appl.,2015
2. A survey of deep learning-based network anomaly detection;Kwon;Clust. Comput.,2019
3. A comprehensive survey on network anomaly detection;Fernandes;Telecommun. Syst.,2019
4. Anomaly-based network intrusion detection: Techniques, systems and challenges;Comput. Secur.,2009
5. Zhang, J., and Zulkernine, M. (2006, January 11–15). Anomaly based network intrusion detection with unsupervised outlier detection. Proceedings of the 2006 IEEE International Conference on Communications, Istanbul, Turkey.