GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection

Add code
Mar 15, 2019
Quoc Phong Nguyen, Kar Wai Lim, Dinil Mon Divakaran, Kian Hsiang Low, Mun Choon Chan
Figure 1 for GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection
Figure 2 for GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection
Figure 3 for GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection
Figure 4 for GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

This paper looks into the problem of detecting network anomalies by analyzing NetFlow records. While many previous works have used statistical models and machine learning techniques in a supervised way, such solutions have the limitations that they require large amount of labeled data for training and are unlikely to detect zero-day attacks. Existing anomaly detection solutions also do not provide an easy way to explain or identify attacks in the anomalous traffic. To address these limitations, we develop and present GEE, a framework for detecting and explaining anomalies in network traffic. GEE comprises of two components: (i) Variational Autoencoder (VAE) - an unsupervised deep-learning technique for detecting anomalies, and (ii) a gradient-based fingerprinting technique for explaining anomalies. Evaluation of GEE on the recent UGR dataset demonstrates that our approach is effective in detecting different anomalies as well as identifying fingerprints that are good representations of these various attacks.

* to appear in 2019 IEEE Conference on Communications and Network Security (CNS)  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon