An Effective Method for Detecting Unknown Types of Attacks Based on Log-Cosh Variational Autoencoder

The increasing prevalence of unknown-type attacks on the Internet highlights the importance of developing efficient intrusion detection systems. While machine learning-based techniques can detect unknown types of attacks, the need for innovative approaches becomes evident, as traditional methods may not be sufficient. In this research, we propose a deep learning-based solution called the log-cosh variational autoencoder (LVAE) to address this challenge. The LVAE inherits the strong modeling abilities of the variational autoencoder (VAE), enabling it to understand complex data distributions and generate reconstructed data. To better simulate discrete features of real attacks and generate unknown types of attacks, we introduce an effective reconstruction loss term utilizing the logarithmic hyperbolic cosine (log-cosh) function in the LVAE. Compared to conventional VAEs, the LVAE shows promising potential in generating data that closely resemble unknown attacks, which is a critical capability for improving the detection rate of unknown attacks. In order to classify the generated unknown data, we employed eight feature extraction and classification techniques. Numerous experiments were conducted using the latest CICIDS2017 dataset, training with varying amounts of real and unknown-type attacks. Our optimal experimental results surpassed several state-of-the-art techniques, achieving accuracy and average F1 scores of 99.89% and 99.83%, respectively. The suggested LVAE strategy also demonstrated outstanding performance in generating unknown attack data. Overall, our work establishes a solid foundation for accurately and efficiently identifying unknown types of attacks, contributing to the advancement of intrusion detection techniques.