A systematic literature review of unsupervised learning algorithms for anomalous traffic detection based on flows
- URL: http://arxiv.org/abs/2503.08293v1
- Date: Tue, 11 Mar 2025 11:06:00 GMT
- Title: A systematic literature review of unsupervised learning algorithms for anomalous traffic detection based on flows
- Authors: Alberto Miguel-Diez, Adrián Campazas-Vega, Claudia Álvarez-Aparicio, Gonzalo Esteban-Costales, Ángel Manuel Guerrero-Higueras,
- Abstract summary: This paper presents a systematic review of the literature on unsupervised learning algorithms for detecting anomalies in network flows. Autoencoder is the most used option, followed by SVM, ALAD, or SOM. All the datasets used for anomaly detection have been collected.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The constant increase of devices connected to the Internet, and therefore of cyber-attacks, makes it necessary to analyze network traffic in order to recognize malicious activity. Traditional packet-based analysis methods are insufficient because in large networks the amount of traffic is so high that it is unfeasible to review all communications. For this reason, flows is a suitable approach for this situation, which in future 5G networks will have to be used, as the number of packets will increase dramatically. If this is also combined with unsupervised learning models, it can detect new threats for which it has not been trained. This paper presents a systematic review of the literature on unsupervised learning algorithms for detecting anomalies in network flows, following the PRISMA guideline. A total of 63 scientific articles have been reviewed, analyzing 13 of them in depth. The results obtained show that autoencoder is the most used option, followed by SVM, ALAD, or SOM. On the other hand, all the datasets used for anomaly detection have been collected, including some specialised in IoT or with real data collected from honeypots.
Related papers
- NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records. We address challenges such as unifying network feature representations, learning from large unlabeled traffic data volume, and testing on real downstream tasks in DDoS attack detection.
arXiv Detail & Related papers (2024-12-30T00:47:49Z)
- IoT Network Traffic Analysis with Deep Learning [8.998282428714797]
We conduct a literature review on the most recent works using deep learning techniques and implement a model using ensemble techniques on the KDD Cup 99 dataset.
The experimental results showcase the impressive performance of our deep anomaly detection model, achieving an accuracy of over 98%.
arXiv Detail & Related papers (2024-02-06T23:28:15Z)
- Online Anomalous Subtrajectory Detection on Road Networks with Deep Reinforcement Learning [38.71141801699763]
We propose a novel reinforcement learning based solution called RL4OASD.
RL4OASD involves two networks, one responsible for learning features of road networks and trajectories and the other responsible for detecting anomalous subtrajectories.
arXiv Detail & Related papers (2022-11-12T15:17:57Z)
- Big data analysis and distributed deep learning for next-generation intrusion detection system optimization [0.0]
This paper proposes a solution to detect new threats with higher detection rate and lower false positive than already used IDS.
We achieve those results by using Networking, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework.
We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies.
arXiv Detail & Related papers (2022-09-28T09:46:16Z)
- Self-Supervised Training with Autoencoders for Visual Anomaly Detection [61.62861063776813]
We focus on a specific use case in anomaly detection where the distribution of normal samples is supported by a lower-dimensional manifold.
We adapt a self-supervised learning regime that exploits discriminative information during training but focuses on the submanifold of normal examples.
We achieve a new state-of-the-art result on the MVTec AD dataset -- a challenging benchmark for visual anomaly detection in the manufacturing domain.
arXiv Detail & Related papers (2022-06-23T14:16:30Z)
- Unsupervised Abnormal Traffic Detection through Topological Flow Analysis [1.933681537640272]
Topological connectivity component of a malicious flow is less exploited.
We present a simple method that facilitates the use of connectivity graph features in unsupervised anomaly detection algorithms.
arXiv Detail & Related papers (2022-05-14T18:52:49Z)
- Self-Supervised and Interpretable Anomaly Detection using Network Transformers [1.0705399532413615]
This paper introduces the Network Transformer (NeT) model for anomaly detection.
NeT incorporates the graph structure of the communication network in order to improve interpretability.
The presented approach was tested by evaluating the successful detection of anomalies in an Industrial Control System.
arXiv Detail & Related papers (2022-02-25T22:05:59Z)
- A Comparative Analysis of Machine Learning Algorithms for Intrusion Detection in Edge-Enabled IoT Networks [0.0]
Intrusion detection is one of the challenging issues in the area of network security.
In this paper, a comparative analysis of conventional machine learning classification algorithms has been performed.
It can be observed that Multi-Layer Perceptron (MLP) has dependencies between input and output and relies more on network configuration for intrusion detection.
arXiv Detail & Related papers (2021-11-02T05:58:07Z)
- DAE : Discriminatory Auto-Encoder for multivariate time-series anomaly detection in air transportation [68.8204255655161]
We propose a novel anomaly detection model called Discriminatory Auto-Encoder (DAE).
It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase.
Results show that the DAE achieves better results in both accuracy and speed of detection.
arXiv Detail & Related papers (2021-09-08T14:07:55Z)
- Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
arXiv Detail & Related papers (2021-02-27T03:17:20Z)
- Few-shot Network Anomaly Detection via Cross-network Meta-learning [45.8111239825361]
We propose a new family of graph neural networks -- Graph Deviation Networks (GDN).
GDN can leverage a small number of labeled anomalies for enforcing statistically significant deviations between abnormal and normal nodes on a network.
We equip the proposed GDN with a new cross-network meta-learning algorithm to realize few-shot network anomaly detection.
arXiv Detail & Related papers (2021-02-22T16:42:37Z)
- Federated Learning in Vehicular Networks [41.89469856322786]
Federated learning (FL) framework has been introduced as an efficient tool with the goal of reducing transmission overhead.
In this paper, we investigate the usage of FL over centralized learning (CL) in vehicular network applications to develop intelligent transportation systems.
We identify the major challenges from both learning perspective, i.e., data labeling and model training, and from the communications point of view, i.e., data rate, reliability, transmission overhead, privacy and resource management.
arXiv Detail & Related papers (2020-06-02T06:32:59Z)