Deep Learning for Network Anomaly Detection under Data Contamination: Evaluating Robustness and Mitigating Performance Degradation

TL;DR

This paper evaluates the robustness of deep learning models for network anomaly detection against data contamination and proposes an auto-encoder based mitigation method to improve their resilience.

Contribution

It introduces an evaluation protocol for robustness of DL-based NAD models and proposes a constrained auto-encoder to mitigate contamination effects.

Findings

State-of-the-art algorithms degrade significantly under data contamination.

The proposed auto-encoder improves resistance to contaminated data.

Enhanced models maintain better detection performance with contaminated data.

Abstract

Deep learning (DL) has emerged as a crucial tool in network anomaly detection (NAD) for cybersecurity. While DL models for anomaly detection excel at extracting features and learning patterns from data, they are vulnerable to data contamination -- the inadvertent inclusion of attack-related data in training sets presumed benign. This study evaluates the robustness of six unsupervised DL algorithms against data contamination using our proposed evaluation protocol. Results demonstrate significant performance degradation in state-of-the-art anomaly detection algorithms when exposed to contaminated data, highlighting the critical need for self-protection mechanisms in DL-based NAD models. To mitigate this vulnerability, we propose an enhanced auto-encoder with a constrained latent representation, allowing normal data to cluster more densely around a learnable center in the latent space. Our evaluation reveals that this approach exhibits improved resistance to data contamination compared to existing methods, offering a promising direction for more robust NAD systems.