A Systematic Approach to Building Autoencoders for Intrusion Detection

Network Intrusion Detection Systems (NIDS) have been the most effective defense mechanism against various network attacks. As attack patterns have been intelligently and dynamically evolving, the deep learning-based NIDSs have been widely adopted to improve intrusion detection accuracy. Autoencoders, one of the unsupervised neural networks, are generative deep learning models that learn to represent the data as compressed vectors without class labels. Recently, various autoencoder–generative deep learning models–have been used for NIDS in order to efficiently alleviate the laborious labeling and to effectively detect unknown types of attacks (i.e. zero-day attacks). In spite of the effectiveness of autoencoders in detecting intrusions, it requires tremendous effort to identify the optimal model architecture of the autoencoders that results in the best performance, which is an obstacle for practical applications. To address this challenge, this paper rigorously studies autoencoders with two important factors using real network data. We investigate how the size of a latent layer and the size of the model influence the detection performance. We evaluate our autoencoder model using the IDS benchmark data sets and present the experimental findings.