Download PDFOpen PDF in browser

UARC:Unsupervised Anomalous Traffic Detection with Improved U-Shaped Autoencoder and RetNet Based Multi-Clustering

EasyChair Preprint 13570

20 pagesDate: June 6, 2024

Abstract

With the ongoing advancement of deep learning, modern network intrusion detection systems increasingly favor utilizing deep learning networks to improve their ability to learn traffic characteristics. To address the challenge of obtaining a substantial amount of labeled training data, many intrusion detection systems now focus on unsupervised anomaly detection methods. Despite this shift, researchers still face the daunting task of distinguishing a significant volume of anomalous traffic and dealing with data imbalance. To address these real-world challenges, we introduce UARC, a system capable of achieving unsupervised anomaly traffic detection through multi-clustering. UARC utilizes an enhanced U-shaped autoencoder and a feature fusion method incorporating Masked Retnet to effectively extract spatiotemporal features from network traffic. It combines these techniques with the HDBSCAN algorithm for multi-clustering of traffic, providing a form of reverse guidance for network learning. Experimental results on multiple datasets demonstrate that UARC can cluster various types of traffic with an impressive accuracy rate of up to 97.96\%, while achieving a 99.70\% AUC value for anomaly detection.

Keyphrases: Auto-encoder, Network Intrusion Detection, multi-clustering, unsupervised learning

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:13570,
  author    = {Yunyang Xie and Kai Chen and Shenghui Li and Bingqian Li and Ning Zhang},
  title     = {UARC:Unsupervised Anomalous Traffic Detection with Improved U-Shaped Autoencoder and RetNet Based Multi-Clustering},
  howpublished = {EasyChair Preprint 13570},
  year      = {EasyChair, 2024}}
Download PDFOpen PDF in browser