English Abstract
In recent years, the number of cyber-attacks against IT infrastructure has
significantly increased. To detect such attacks and minimize their impact,
network intrusion detection systems (NIDS), especially anomaly-based NIDS, are
commonly used. Anomaly-based NIDS can detect unknown (zero-day) attacks,
which traditional signature-based NIDS cannot. Most machine learning-based
anomaly NIDS use a supervised approach, which requires a lot of effort
to label the traffic. To overcome this challenge, autoencoders are applied in an
unsupervised approach to detect attacks because they can learn traffic patterns.
In this study, we evaluated the performance of autoencoder-based NIDS
using two approaches on the NSL-KDD and UNSW-NB15 datasets. In the first
approach, we used an autoencoder to extract features from the dataset. We
then passed the extracted features to an SVM classifier for classification. As for
the second approach, we applied an autoencoder as an unsupervised attack
detector and compared the results to those of a supervised approach.
Our study found that incorporating an autoencoder component into a
supervised NIDS model for feature extraction enhanced accuracy while
reducing training time. Moreover, our unsupervised autoencoder-based NIDS
model achieved an accuracy of 90% on the NSL-KDD dataset, which is
comparable to the highest reported accuracy in the literature. Similarly, our
model achieved an accuracy of 83% on the UNSW-NB15 dataset when
combined as a feature extractor to assist an SVM classifier. This clearly proves the
effectiveness of autoencoders in the domain of network intrusion detection and
demonstrates their ability to overcome the challenge of obtaining labeled attack
data.