Download PDFOpen PDF in browserUARC:Unsupervised Anomalous Traffic Detection with Improved U-Shaped Autoencoder and RetNet Based Multi-ClusteringEasyChair Preprint 1357020 pages•Date: June 6, 2024AbstractWith the ongoing advancement of deep learning, modern network intrusion detection systems increasingly favor utilizing deep learning networks to improve their ability to learn traffic characteristics. To address the challenge of obtaining a substantial amount of labeled training data, many intrusion detection systems now focus on unsupervised anomaly detection methods. Despite this shift, researchers still face the daunting task of distinguishing a significant volume of anomalous traffic and dealing with data imbalance. To address these real-world challenges, we introduce UARC, a system capable of achieving unsupervised anomaly traffic detection through multi-clustering. UARC utilizes an enhanced U-shaped autoencoder and a feature fusion method incorporating Masked Retnet to effectively extract spatiotemporal features from network traffic. It combines these techniques with the HDBSCAN algorithm for multi-clustering of traffic, providing a form of reverse guidance for network learning. Experimental results on multiple datasets demonstrate that UARC can cluster various types of traffic with an impressive accuracy rate of up to 97.96\%, while achieving a 99.70\% AUC value for anomaly detection. Keyphrases: Auto-encoder, Network Intrusion Detection, multi-clustering, unsupervised learning
|