![]() In this context, several approaches proposed the generative adversarial network (GAN) to learn and mimic the distribution of unlabeled input traffic samples based on unsupervised learning, to then generate a synthetic sample having a robust resemblance to the original traffic samples. Some studies tried to overcome the reduced availability of labeled datasets by generating a synthetic traffic sample. Reduced traffic samples provide limited information affecting the detection performance of a supervised model. Therefore, there are a limited amount of labeled traffic samples available for supervised learning. Yet, labeling a vast volume of network traffic traces is an arduous and error-prone task, involving manual labeling by network experts . Moreover, with the rise of the era of big data, and fast evolution in storage technology, it is becoming relatively easy to generate and store a large amount of unlabeled data. Supervised deep learning is the most common deep learning approach, which relies on a large number of labeled samples to generate an effective classification model. The quality and quantity of traffic samples have a strong impact on the effectiveness of the DL model . The recent rise of several state-of-the-art deep learning (DL) based approaches for intrusion detection systems (IDS) has significantly contributed to an improved detection performance of intrusions. Furthermore, the DAE module reduces the input network traffic data to one-tenth of the size of the input dataset. Additionally, it is trained in 64 min while achieving a low false alarm rate. Our approach outperforms competitive methods while maintaining stable classification results above 99.6% on F1-score, precision, and recall metrics. Comparative analysis is performed between the proposed approach and the most relevant deep learning methods available in the literature against the CICIDS2018 dataset, consisting of recent network attack traces. The network architecture is optimized by tuning hyper-parameters using a trial-and-error approach. Then a portion of the compressed data is used to train the DNN classifier based on a multiclass supervised approach. The unsupervised pre-training approach is implemented based on a denoising autoencoder (DAE), to compress the intrusion dataset and obtain the lower-dimensional features representation. Therefore, to address the lack of labeled network traffic required to train an effective supervised classifier, this study introduces a semi-supervised intrusion detection framework that combines the unsupervised and supervised techniques. In the real world, there is a limited amount of labeled data available to train a deep neural network, affecting the classifier’s detection performance. However, most of the progress has occurred in supervised learning, which required a vast amount of labeled training samples. The introduction of deep learning techniques in intrusion detection problems has enabled an enhanced standard of detection effectiveness.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |