What is it about?

Intrusion detection is one of the major challenges in today’s security industry. In this context, deep learning networks may play an important role, by analyzing network flows and classifying them as "normal" or "intrusion". This work presents a deep learning architecture for network attacks detection. The problem is tackled as a semi-supervised task, and the anomaly detector is based on a deep Autoencoder. The results obtained show the potential of the proposal for 0-day attack detection.

Featured Image

Why is it important?

In this work, we have presented the ZED-IDS AE, an anomaly detector of DoS attacks based on a deep Autoencoder and semi-supervised learning. All our tests and experimentations were based on the use of the CICIDS2017 dataset, which was preferred to other datasets, widely used but obsolete. The proposed solution achieved a detection accuracy of 95.73%, showing its ability to recognize "never-seen-before" attacks. This makes it potentially useful for the recognition of 0-day attacks.


In our future work, we intend to test extensively the recognition performance of the the ZED-IDS AE trained on the CICIDS2017 in real-world conditions, e.g., to examine flows relative to non-synthetic traffic collected on real networks. A second important point is to prove the recognition capabilities of the AE under other types of anomalous traffic flows (e.g., under non-DoS attacks). However, the final objective of the ZED-IDS project is to develop an integrated set of tools for 0-day real-time attack detection.

Marta Catillo
Universita degli Studi del Sannio

Read the Original

This page is a summary of: Discovery of DoS attacks by the ZED-IDS anomaly detector, Journal of High Speed Networks, November 2019, IOS Press, DOI: 10.3233/jhs-190620.
You can read the full text:



The following have contributed to this page