TTANAD: Test-Time Augmentation for Network Anomaly Detection
Machine learning-based Network Intrusion Detection Systems (NIDS) are designed to protect networks by identifying anomalous behaviors or improper uses. In recent years, advanced attacks, such as those mimicking legitimate traffic, have been developed to avoid alerting such systems. Previous works ma...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2023-05-01
|
Series: | Entropy |
Subjects: | |
Online Access: | https://www.mdpi.com/1099-4300/25/5/820 |
_version_ | 1797600137831251968 |
---|---|
author | Seffi Cohen Niv Goldshlager Bracha Shapira Lior Rokach |
author_facet | Seffi Cohen Niv Goldshlager Bracha Shapira Lior Rokach |
author_sort | Seffi Cohen |
collection | DOAJ |
description | Machine learning-based Network Intrusion Detection Systems (NIDS) are designed to protect networks by identifying anomalous behaviors or improper uses. In recent years, advanced attacks, such as those mimicking legitimate traffic, have been developed to avoid alerting such systems. Previous works mainly focused on improving the anomaly detector itself, whereas in this paper, we introduce a novel method, Test-Time Augmentation for Network Anomaly Detection (TTANAD), which utilizes test-time augmentation to enhance anomaly detection from the data side. TTANAD leverages the temporal characteristics of traffic data and produces temporal test-time augmentations on the monitored traffic data. This method aims to create additional points of view when examining network traffic during inference, making it suitable for a variety of anomaly detector algorithms. Our experimental results demonstrate that TTANAD outperforms the baseline in all benchmark datasets and with all examined anomaly detection algorithms, according to the Area Under the Receiver Operating Characteristic (AUC) metric. |
first_indexed | 2024-03-11T03:45:24Z |
format | Article |
id | doaj.art-13bc5a0dfa314a83a033c7fd81382015 |
institution | Directory Open Access Journal |
issn | 1099-4300 |
language | English |
last_indexed | 2024-03-11T03:45:24Z |
publishDate | 2023-05-01 |
publisher | MDPI AG |
record_format | Article |
series | Entropy |
spelling | doaj.art-13bc5a0dfa314a83a033c7fd813820152023-11-18T01:16:51ZengMDPI AGEntropy1099-43002023-05-0125582010.3390/e25050820TTANAD: Test-Time Augmentation for Network Anomaly DetectionSeffi Cohen0Niv Goldshlager1Bracha Shapira2Lior Rokach3Software and Information Systems Engineering, Ben-Gurion University, Beer Sheva P.O. Box 653, IsraelSoftware and Information Systems Engineering, Ben-Gurion University, Beer Sheva P.O. Box 653, IsraelSoftware and Information Systems Engineering, Ben-Gurion University, Beer Sheva P.O. Box 653, IsraelSoftware and Information Systems Engineering, Ben-Gurion University, Beer Sheva P.O. Box 653, IsraelMachine learning-based Network Intrusion Detection Systems (NIDS) are designed to protect networks by identifying anomalous behaviors or improper uses. In recent years, advanced attacks, such as those mimicking legitimate traffic, have been developed to avoid alerting such systems. Previous works mainly focused on improving the anomaly detector itself, whereas in this paper, we introduce a novel method, Test-Time Augmentation for Network Anomaly Detection (TTANAD), which utilizes test-time augmentation to enhance anomaly detection from the data side. TTANAD leverages the temporal characteristics of traffic data and produces temporal test-time augmentations on the monitored traffic data. This method aims to create additional points of view when examining network traffic during inference, making it suitable for a variety of anomaly detector algorithms. Our experimental results demonstrate that TTANAD outperforms the baseline in all benchmark datasets and with all examined anomaly detection algorithms, according to the Area Under the Receiver Operating Characteristic (AUC) metric.https://www.mdpi.com/1099-4300/25/5/820NIDSTTAanomaly detectiontime series |
spellingShingle | Seffi Cohen Niv Goldshlager Bracha Shapira Lior Rokach TTANAD: Test-Time Augmentation for Network Anomaly Detection Entropy NIDS TTA anomaly detection time series |
title | TTANAD: Test-Time Augmentation for Network Anomaly Detection |
title_full | TTANAD: Test-Time Augmentation for Network Anomaly Detection |
title_fullStr | TTANAD: Test-Time Augmentation for Network Anomaly Detection |
title_full_unstemmed | TTANAD: Test-Time Augmentation for Network Anomaly Detection |
title_short | TTANAD: Test-Time Augmentation for Network Anomaly Detection |
title_sort | ttanad test time augmentation for network anomaly detection |
topic | NIDS TTA anomaly detection time series |
url | https://www.mdpi.com/1099-4300/25/5/820 |
work_keys_str_mv | AT sefficohen ttanadtesttimeaugmentationfornetworkanomalydetection AT nivgoldshlager ttanadtesttimeaugmentationfornetworkanomalydetection AT brachashapira ttanadtesttimeaugmentationfornetworkanomalydetection AT liorrokach ttanadtesttimeaugmentationfornetworkanomalydetection |