SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection

TL;DR

SAFE is a self-supervised framework that transforms network data into images for improved anomaly detection, outperforming existing methods in identifying intrusions without requiring attack labels.

Contribution

Introduces SAFE, a novel SSL-based intrusion detection framework using image-like data transformation and Masked Autoencoders for enhanced anomaly detection.

Findings

Outperforms SLAD by up to 26.2% in F1-score

Surpasses Anomal-E by up to 23.5% in F1-score

Effective in detecting unknown network threats

Abstract

The proliferation of IoT devices has significantly increased network vulnerabilities, creating an urgent need for effective Intrusion Detection Systems (IDS). Machine Learning-based IDS (ML-IDS) offer advanced detection capabilities but rely on labeled attack data, which limits their ability to identify unknown threats. Self-Supervised Learning (SSL) presents a promising solution by using only normal data to detect patterns and anomalies. This paper introduces SAFE, a novel framework that transforms tabular network intrusion data into an image-like format, enabling Masked Autoencoders (MAEs) to learn robust representations of network behavior. The features extracted by the MAEs are then incorporated into a lightweight novelty detector, enhancing the effectiveness of anomaly detection. Experimental results demonstrate that SAFE outperforms the state-of-the-art anomaly detection method, Scale Learning-based Deep Anomaly Detection method (SLAD), by up to 26.2% and surpasses the state-of-the-art SSL-based network intrusion detection approach, Anomal-E, by up to 23.5% in F1-score.