Anomaly Detection Algorithms and Techniques for Network Intrusion Detection Systems

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.advisorKahles, Julen
dc.contributor.authorMishin, Mikhail
dc.contributor.schoolPerustieteiden korkeakoulufi
dc.contributor.supervisorJung, Alexander
dc.date.accessioned2020-08-23T17:12:32Z
dc.date.available2020-08-23T17:12:32Z
dc.date.issued2020-08-18
dc.description.abstractIn recent years, many deep learning-based models have been proposed for anomaly detection. This thesis presents a comparison of selected deep autoencoding models and classical anomaly detection methods on three modern network intrusion detection datasets. We experiment with different configurations and architectures of the selected models, as well as aggregation techniques for input preprocessing and output postprocessing. We propose a methodology for creating benchmark datasets for the evaluation of the methods in different settings. We provide a statistical comparison of the performance of the selected techniques. We conclude that the deep autoencoding models, in particular AE and VAE, systematically outperform the classic methods. Furthermore, we show that aggregating input network flow data improves the overall performance. In general, the tested techniques are promising regarding their application in network intrusion detection systems. However, secondary techniques must be employed to reduce the high numbers of generated false alarms.en
dc.format.extent79+29
dc.format.mimetypeapplication/pdfen
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/46076
dc.identifier.urnURN:NBN:fi:aalto-202008235008
dc.language.isoenen
dc.programmeMaster’s Programme in Computer, Communication and Information Sciencesfi
dc.programme.majorComputer Sciencefi
dc.programme.mcodeSCI3042fi
dc.subject.keywordanomaly detectionen
dc.subject.keywordnetwork intrusion detectionen
dc.subject.keywordneural networksen
dc.subject.keywordautoencodersen
dc.subject.keywordnetwork-flow aggregationen
dc.subject.keywordsemi-supervised learningen
dc.titleAnomaly Detection Algorithms and Techniques for Network Intrusion Detection Systemsen
dc.typeG2 Pro gradu, diplomityöfi
dc.type.ontasotMaster's thesisen
dc.type.ontasotDiplomityöfi
local.aalto.electroniconlyyes
local.aalto.openaccessyes
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
master_Mishin_Mikhail_2020.pdf
Size:
4.15 MB
Format:
Adobe Portable Document Format