Semi-Supervised Learning for Anomaly Traffic Detection via Bidirectional Normalizing Flows
- URL: http://arxiv.org/abs/2403.10550v1
- Date: Wed, 13 Mar 2024 02:10:32 GMT
- Title: Semi-Supervised Learning for Anomaly Traffic Detection via Bidirectional Normalizing Flows
- Authors: Zhangxuan Dang, Yu Zheng, Xinglin Lin, Chunlei Peng, Qiuyu Chen, Xinbo Gao
- Abstract summary: We consider the problem of anomaly network traffic detection and propose a three-stage anomaly detection framework using only normal traffic.
Our framework can generate pseudo anomaly samples without prior knowledge of anomalies to achieve the detection of anomaly data.
- Score: 47.4772981101262
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: With the rapid development of the Internet, various types of anomaly traffic are threatening network security. We consider the problem of anomaly network traffic detection and propose a three-stage anomaly detection framework using only normal traffic. Our framework can generate pseudo anomaly samples without prior knowledge of anomalies to achieve the detection of anomaly data. Firstly, we employ a reconstruction method to learn the deep representation of normal samples. Secondly, these representations are normalized to a standard normal distribution using a bidirectional flow module. To simulate anomaly samples, we add noises to the normalized representations which are then passed through the generation direction of the bidirectional flow module. Finally, a simple classifier is trained to differentiate the normal samples and pseudo anomaly samples in the latent space. During inference, our framework requires only two modules to detect anomalous samples, leading to a considerable reduction in model size. According to the experiments, our method achieves state-of-the-art results on the common benchmarking datasets of anomaly network traffic detection. The code is available at https://github.com/ZxuanDang/ATD-via-Flows.git
Related papers
- GLAD: Towards Better Reconstruction with Global and Local Adaptive Diffusion Models for Unsupervised Anomaly Detection [60.78684630040313]
Diffusion models tend to reconstruct normal counterparts of test images with certain noises added.
From the global perspective, the difficulty of reconstructing images with different anomalies is uneven.
We propose a global and local adaptive diffusion model (abbreviated to GLAD) for unsupervised anomaly detection.
arXiv Detail & Related papers (2024-06-11T17:27:23Z)
- Anomaly Detection by Context Contrasting [57.695202846009714]
Anomaly detection focuses on identifying samples that deviate from the norm.
Recent advances in self-supervised learning have shown great promise in this regard.
We propose Con$$, which learns through context augmentations.
arXiv Detail & Related papers (2024-05-29T07:59:06Z)
- Detecting Contextual Network Anomalies with Graph Neural Networks [4.671648049111933]
We formulate the problem as contextual anomaly detection on network traffic measurements.
We propose a custom GNN-based solution that detects traffic anomalies on origin-destination flows.
The results show that the anomalies detected by our solution are quite complementary to those captured by the baselines.
arXiv Detail & Related papers (2023-12-11T12:45:43Z)
- MSFlow: Multi-Scale Flow-based Framework for Unsupervised Anomaly Detection [124.52227588930543]
Unsupervised anomaly detection (UAD) attracts a lot of research interest and drives widespread applications.
An inconspicuous yet powerful statistics model, the normalizing flows, is appropriate for anomaly detection and localization in an unsupervised fashion.
We propose a novel Multi-Scale Flow-based framework dubbed MSFlow composed of asymmetrical parallel flows followed by a fusion flow.
Our MSFlow achieves a new state-of-the-art with a detection AUROC score of up to 99.7%, localization AUCROC score of 98.8%, and PRO score of 97.1%.
arXiv Detail & Related papers (2023-08-29T13:38:35Z)
- Augment to Detect Anomalies with Continuous Labelling [10.646747658653785]
Anomaly detection is to recognize samples that differ in some respect from the training observations.
Recent state-of-the-art deep learning-based anomaly detection methods suffer from high computational cost, complexity, unstable training procedures, and non-trivial implementation.
We leverage a simple learning procedure that trains a lightweight convolutional neural network, reaching state-of-the-art performance in anomaly detection.
arXiv Detail & Related papers (2022-07-03T20:11:51Z)
- Generative Anomaly Detection for Time Series Datasets [1.7954335118363964]
Traffic congestion anomaly detection is of paramount importance in intelligent traffic systems.
We propose a data-driven generative approach that can perform tractable density estimation for detecting traffic anomalies.
Our approach significantly outperforms several state-of-the-art congestion anomaly detection and diagnosis methods in terms of Recall and F1-Score.
arXiv Detail & Related papers (2022-06-28T17:08:47Z)
- Explainable Deep Few-shot Anomaly Detection with Deviation Networks [123.46611927225963]
We introduce a novel weakly-supervised anomaly detection framework to train detection models.
The proposed approach learns discriminative normality by leveraging the labeled anomalies and a prior probability.
Our model is substantially more sample-efficient and robust, and performs significantly better than state-of-the-art competing methods in both closed-set and open-set settings.
arXiv Detail & Related papers (2021-08-01T14:33:17Z)
- Dual-encoder Bidirectional Generative Adversarial Networks for Anomaly Detection [0.0]
We develop a dual-encoder in a bidirectional GAN architecture that is trained simultaneously with a generator and a discriminator network.
We show that our proposed method performs well in capturing the distribution of normal samples, thereby improving anomaly detection on GAN-based models.
arXiv Detail & Related papers (2020-12-22T05:05:33Z)
- Unsupervised Anomaly Detection with Adversarial Mirrored AutoEncoders [51.691585766702744]
We propose a variant of Adversarial Autoencoder which uses a mirrored Wasserstein loss in the discriminator to enforce better semantic-level reconstruction.
We put forward an alternative measure of anomaly score to replace the reconstruction-based metric.
Our method outperforms the current state-of-the-art methods for anomaly detection on several OOD detection benchmarks.
arXiv Detail & Related papers (2020-03-24T08:26:58Z)
- $\text{A}^3$: Activation Anomaly Analysis [0.7734726150561088]
We show that the hidden activation values contain information useful to distinguish between normal and anomalous samples.
Our approach combines three neural networks in a purely data-driven end-to-end model.
Thanks to the anomaly network, our method even works in strict semi-supervised settings.
arXiv Detail & Related papers (2020-03-03T21:23:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.