Evaluation of feature learning for anomaly detection in network traffic

The application of anomaly detection approaches to network intrusion detection in real scenarios is difficult. The ability of techniques such as deep learning to estimate new data representations with higher levels of abstraction can be useful to address data analysis of network traffic data. For that reason, the performance of different anomaly detection techniques on feature representations obtained by an autoencoder and a variational autoencoder is compared. We have employed a variety of well-known anomaly detection algorithms, which addresses intrusion detection as a semi-supervised problem where patterns that deviate from a baseline model, estimated only from normal traffic, are labelled as anomalous. Furthermore, this assessment is performed on four publicly available benchmarks. The results show that the effect of feature representation on performance is highly dependent on the anomaly detection technique.