Deep Learning-Based Anomaly Detection in LAN from Raw Network Traffic Measurement

2021 
The digitalization occurring in various industries is bringing more information transmitted through networks. More resilient and efficient network traffic monitoring systems are in high demand to safeguard network flows. In this article, we present a combined approach to anomaly detection in LAN based on raw network traffic observation and measurement, with the collected data converted to regulated chunks of 480 bits. A network traffic dataset including multi-type anomalies from a honeypot device in LAN was employed, with a total of two weeks' data. By further integrating the representation with supervised learning and knowledge-based labeling methods, we aim to classify raw network traffic, thus detecting anomalies from raw data measurement without using manually crafted features. We conducted the model training against accuracy and evaluated the scheme on a separate validation set against a metric of precision. Finally, we achieved validation precision scores of 0.980 for detecting ARP flooding, 0.801 for detecting malicious SMB, and 0.815 for detecting TCP SYN flooding.