# GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection

**Authors:** Quoc Phong Nguyen, Kar Wai Lim, Dinil Mon Divakaran, Kian Hsiang Low, Mun Choon Chan

arXiv: 1903.06661 · 2019-03-18

## TL;DR

This paper introduces GEE, a framework combining a variational autoencoder and gradient-based fingerprinting to detect and explain network anomalies without requiring labeled data.

## Contribution

GEE is a novel unsupervised framework that detects network anomalies and provides explanations, addressing limitations of prior supervised and non-explainable methods.

## Key findings

- Effective detection of various anomalies on the UGR dataset
- Ability to identify attack fingerprints accurately
- Outperforms some existing anomaly detection approaches

## Abstract

This paper looks into the problem of detecting network anomalies by analyzing NetFlow records. While many previous works have used statistical models and machine learning techniques in a supervised way, such solutions have the limitations that they require a large amount of labeled data for training and are unlikely to detect zero-day attacks. Existing anomaly detection solutions also do not provide an easy way to explain or identify attacks in the anomalous traffic. To address these limitations, we develop and present GEE, a framework for detecting and explaining anomalies in network traffic. GEE comprises two components: (i) Variational Autoencoder (VAE) - an unsupervised deep-learning technique for detecting anomalies, and (ii) a gradient-based fingerprinting technique for explaining anomalies. Evaluation of GEE on the recent UGR dataset demonstrates that our approach is effective in detecting different anomalies as well as identifying fingerprints that are good representations of these various attacks.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1903.06661/full.md

## Figures

31 figures with captions in the complete paper: https://tomesphere.com/paper/1903.06661/full.md

## References

43 references — full list in the complete paper: https://tomesphere.com/paper/1903.06661/full.md

---
Source: https://tomesphere.com/paper/1903.06661