Network Anomaly Detection for NSL-KDD Dataset Using Deep Learning

Deep learning based intrusion detection cyber security methods gained increased popularity. The essential element to provide protection to the ICT infrastructure is the intrusion detection systems (IDSs). Intelligent solutions are necessary to control the complexity and increase in the new attack types. The intelligent system (DL/ML) has been widely used with its benefits to effectively deal with complex and great dimensional data. The IDS has various attack types like known, unknown, zero day attacks are attractive to and detected using unsupervised machine learning techniques. A novel methodology has been proposed that combines the benefits of Isolation forest (One Class) Support Vector Machine (OCSVM) with active learning method to detect threats without any prior knowledge. The NSL-KDD dataset has been used to evaluate the various DL methods with active learning method. The results show that this method performs better than other techniques. The design methodology inspires the efforts to emerging anomaly detection.

Download Full-text

Hybrid approach with Deep Auto-Encoder and optimized LSTM based Deep Learning approach to detect anomaly in cloud logs

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-201707 ◽

2021 ◽

pp. 1-15

Author(s):

Savaridassan Pankajashan ◽

G. Maragatham ◽

T. Kirthiga Devi

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Anomaly Detection ◽

Performance Metrics ◽

Hybrid Approach ◽

Machine Learning Techniques ◽

Support Vector ◽

Paper Machine ◽

Log Data ◽

Isolation Forest

Anomaly-based detection is coupled with recognizing the uncommon, to catch the unusual activity, and to find the strange action behind that activity. Anomaly-based detection has a wide scope of critical applications, from bank application security to regular sciences to medical systems to marketing apps. Anomaly-based detection adopted by various Machine Learning techniques is really a type of system that consists of artificial intelligence. With the ever-expanding volume and new sorts of information, for example, sensor information from an incontestably enormous amount of IoT devices and from network flow data from cloud computing, it is implicitly understood without surprise that there is a developing enthusiasm for having the option to deal with more conclusions automatically by means of AI and ML applications. But with respect to anomaly detection, many applications of the scheme are simply the passion for detection. In this paper, Machine Learning (ML) techniques, namely the SVM, Isolation forest classifiers experimented and with reference to Deep Learning (DL) techniques, the proposed DA-LSTM (Deep Auto-Encoder LSTM) model are adopted for preprocessing of log data and anomaly-based detection to get better performance measures of detection. An enhanced LSTM (long-short-term memory) model, optimizing for the suitable parameter using a genetic algorithm (GA), is utilized to recognize better the anomaly from the log data that is filtered, adopting a Deep Auto-Encoder (DA). The Deep Neural network models are utilized to change over unstructured log information to training ready features, which are reasonable for log classification in detecting anomalies. These models are assessed, utilizing two benchmark datasets, the Openstack logs, and CIDDS-001 intrusion detection OpenStack server dataset. The outcomes acquired show that the DA-LSTM model performs better than other notable ML techniques. We further investigated the performance metrics of the ML and DL models through the well-known indicator measurements, specifically, the F-measure, Accuracy, Recall, and Precision. The exploratory conclusion shows that the Isolation Forest, and Support vector machine classifiers perform roughly 81%and 79%accuracy with respect to the performance metrics measurement on the CIDDS-001 OpenStack server dataset while the proposed DA-LSTM classifier performs around 99.1%of improved accuracy than the familiar ML algorithms. Further, the DA-LSTM outcomes on the OpenStack log data-sets show better anomaly detection compared with other notable machine learning models.

Download Full-text

An Intelligent Multi-View Active Learning Method Based on a Double-Branch Network

Entropy ◽

10.3390/e22080901 ◽

2020 ◽

Vol 22 (8) ◽

pp. 901

Author(s):

Fucong Liu ◽

Tongzhou Zhang ◽

Caixia Zheng ◽

Yuanyuan Cheng ◽

Xiaoli Liu ◽

...

Keyword(s):

Artificial Intelligence ◽

Deep Learning ◽

Active Learning ◽

Sample Selection ◽

Training Dataset ◽

Learning Method ◽

Active Learning Method ◽

Level Information ◽

The Stability ◽

Different Characteristics

Artificial intelligence is one of the most popular topics in computer science. Convolutional neural network (CNN), which is an important artificial intelligence deep learning model, has been widely used in many fields. However, training a CNN requires a large amount of labeled data to achieve a good performance but labeling data is a time-consuming and laborious work. Since active learning can effectively reduce the labeling effort, we propose a new intelligent active learning method for deep learning, which is called multi-view active learning based on double-branch network (MALDB). Different from most existing active learning methods, our proposed MALDB first integrates two Bayesian convolutional neural networks (BCNNs) with different structures as two branches of a classifier to learn the effective features for each sample. Then, MALDB performs data analysis on unlabeled dataset and queries the useful unlabeled samples based on different characteristics of two branches to iteratively expand the training dataset and improve the performance of classifier. Finally, MALDB combines multiple level information from multiple hidden layers of BCNNs to further improve the stability of sample selection. The experiments are conducted on five extensively used datasets, Fashion-MNIST, Cifar-10, SVHN, Scene-15 and UIUC-Sports, the experimental results demonstrate the validity of our proposed MALDB.

Download Full-text

Comparison Between Active Learning Method and Support Vector Machine for Runoff Modeling

Journal of Hydrology and Hydromechanics ◽

10.2478/v10098-012-0002-7 ◽

2012 ◽

Vol 60 (1) ◽

pp. 16-32 ◽

Cited By ~ 3

Author(s):

Hamid Shahraiyni ◽

Mohammad Ghafouri ◽

Saeed Shouraki ◽

Bahram Saghafian ◽

Mohsen Nasseri

Keyword(s):

Support Vector Machine ◽

Active Learning ◽

Support Vector ◽

Learning Method ◽

Runoff Simulation ◽

Karoon River ◽

Discharge Data ◽

Daily Streamflow ◽

Runoff Modeling ◽

Active Learning Method

Comparison Between Active Learning Method and Support Vector Machine for Runoff ModelingIn this study Active Learning Method (ALM) as a novel fuzzy modeling approach is compared with optimized Support Vector Machine (SVM) using simple Genetic Algorithm (GA), as a well known datadriven model for long term simulation of daily streamflow in Karoon River. The daily discharge data from 1991 to 1996 and from 1996 to 1999 were utilized for training and testing of the models, respectively. Values of the Nash-Sutcliffe, Bias, R2, MPAE and PTVE of ALM model with 16 fuzzy rules were 0.81, 5.5 m3s-1, 0.81, 12.9%, and 1.9%, respectively. Following the same order of parameters, these criteria for optimized SVM model were 0.8, -10.7 m3s-1, 0.81, 7.3%, and -3.6%, respectively. The results show appropriate and acceptable simulation by ALM and optimized SVM. Optimized SVM is a well-known method for runoff simulation and its capabilities have been demonstrated. Therefore, the similarity between ALM and optimized SVM results imply the ability of ALM for runoff modeling. In addition, ALM training is easier and more straightforward than the training of many other data driven models such as optimized SVM and it is able to identify and rank the effective input variables for the runoff modeling. According to the results of ALM simulation and its abilities and properties, it has merit to be introduced as a new modeling method for the runoff modeling.

Download Full-text

Active deep learning method for the discovery of objects of interest in large spectroscopic surveys

Astronomy and Astrophysics ◽

10.1051/0004-6361/201936090 ◽

2020 ◽

Vol 643 ◽

pp. A122

Author(s):

P. Škoda ◽

O. Podsztavek ◽

P. Tvrdík

Keyword(s):

Active Learning ◽

Emission Line ◽

Visual Analysis ◽

Wavelength Conversion ◽

Machine Learning Techniques ◽

Learning Method ◽

Deep Convolutional Neural Networks ◽

Line Shapes ◽

Active Learning Method ◽

Interactive Visualisation

Context. Current archives of the LAMOST telescope contain millions of pipeline-processed spectra that have probably never been seen by human eyes. Most of the rare objects with interesting physical properties, however, can only be identified by visual analysis of their characteristic spectral features. A proper combination of interactive visualisation with modern machine learning techniques opens new ways to discover such objects. Aims. We apply active learning classification methods supported by deep convolutional neural networks to automatically identify complex emission-line shapes in multi-million spectra archives. Methods. We used the pool-based uncertainty sampling active learning method driven by a custom-designed deep convolutional neural network with 12 layers. The architecture of the network was inspired by VGGNet, AlexNet, and ZFNet, but it was adapted for operating on one-dimensional feature vectors. The unlabelled pool set is represented by 4.1 million spectra from the LAMOST data release 2 survey. The initial training of the network was performed on a labelled set of about 13 000 spectra obtained in the 400 Å wide region around Hα by the 2 m Perek telescope of the Ondřejov observatory, which mostly contains spectra of Be and related early-type stars. The differences between the Ondřejov intermediate-resolution and the LAMOST low-resolution spectrographs were compensated for by Gaussian blurring and wavelength conversion. Results. After several iterations, the network was able to successfully identify emission-line stars with an error smaller than 6.5%. Using the technology of the Virtual Observatory to visualise the results, we discovered 1013 spectra of 948 new candidates of emission-line objects in addition to 664 spectra of 549 objects that are listed in SIMBAD and 2644 spectra of 2291 objects identified in an earlier paper of a Chinese group led by Wen Hou. The most interesting objects with unusual spectral properties are discussed in detail.

Download Full-text