AutoIDS: Auto-encoder Based Method for Intrusion Detection System

TL;DR

AutoIDS introduces a semi-supervised neural network-based intrusion detection method that efficiently distinguishes normal from abnormal network traffic by cascading two encoder-decoder detectors, achieving high accuracy on benchmark data.

Contribution

The paper presents AutoIDS, a novel semi-supervised neural network approach using cascading detectors for efficient intrusion detection with improved accuracy.

Findings

AutoIDS achieves 90.17% accuracy on NSL-KDD dataset.

It effectively reduces computational costs by processing most flows with a single detector.

AutoIDS outperforms existing state-of-the-art methods in intrusion detection accuracy.

Abstract

Intrusion Detection System (IDS) is one of the most effective solutions for providing primary security services. IDSs are generally working based on attack signatures or by detecting anomalies. In this paper, we have presented AutoIDS, a novel yet efficient solution for IDS, based on a semi-supervised machine learning technique. AutoIDS can distinguish abnormal packet flows from normal ones by taking advantage of cascading two efficient detectors. These detectors are two encoder-decoder neural networks that are forced to provide a compressed and a sparse representation from the normal flows. In the test phase, failing these neural networks on providing compressed or sparse representation from an incoming packet flow, means such flow does not comply with the normal traffic and thus it is considered as an intrusion. For lowering the computational cost along with preserving the accuracy, a large number of flows are just processed by the first detector. In fact, the second detector is only used for difficult samples which the first detector is not confident about them. We have evaluated AutoIDS on the NSL-KDD benchmark as a widely-used and well-known dataset. The accuracy of AutoIDS is 90.17\% showing its superiority compared to the other state-of-the-art methods.