Signature-based intrusion detection methods report high accuracy with a very low false alarm rate. However, they do not perform well when faced with new or emerging threats. In this work, we study the application of autoencoders, a specific class of neural networks, in anomaly-based, data-driven models to identify potential zero-day attacks. In the first phase of our experiments, a deep autoencoder was trained on only ‘Normal’ samples from the CICIDS2017 dataset. When the model was tested with data containing malicious samples that it had never seen before, it achieved a detection accuracy of 88.28 percent. We are currently working on phase 2 of our experiments to further improve these results.
Authors: Nitin Mathur, Chengcheng Li, Bilal Gonen, Ki Jung Lee
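
An added example, not the authors' code, showing how a model trained only on normal traffic can flag samples it has never seen: the autoencoder reconstructs benign inputs well, and inputs that reconstruct poorly are reported. Assumptions: the reconstruction-error threshold rule (the abstract does not state the detection rule), the small tanh-bottleneck network and its hyperparameters, and the constructed 4-feature vectors used in place of CICIDS2017.

```python
import numpy as np

rng = np.random.default_rng(0)

def make_normal(n):
    # Constructed benign traffic: 4 features tied by fixed relations,
    # standing in for correlated flow statistics (not CICIDS2017 data).
    a, b = rng.uniform(0, 1, n), rng.uniform(0, 1, n)
    X = np.column_stack([a, b, a + b, a - b])
    return X + rng.normal(0, 0.01, X.shape)

def train_autoencoder(X, hidden=2, epochs=3000, lr=0.05):
    """Fit a d -> hidden -> d autoencoder (tanh bottleneck) on normal data only."""
    d = X.shape[1]
    W1, b1 = rng.normal(0, 0.1, (d, hidden)), np.zeros(hidden)
    W2, b2 = rng.normal(0, 0.1, (hidden, d)), np.zeros(d)
    for _ in range(epochs):
        H = np.tanh(X @ W1 + b1)               # encode
        G = 2 * (H @ W2 + b2 - X) / len(X)     # d(mean squared error)/d(output)
        GH = (G @ W2.T) * (1 - H ** 2)         # backpropagate through tanh
        W2 -= lr * (H.T @ G); b2 -= lr * G.sum(axis=0)
        W1 -= lr * (X.T @ GH); b1 -= lr * GH.sum(axis=0)
    return W1, b1, W2, b2

def recon_error(model, X):
    # Per-sample squared reconstruction error: the anomaly score.
    W1, b1, W2, b2 = model
    return ((np.tanh(X @ W1 + b1) @ W2 + b2 - X) ** 2).sum(axis=1)

def demo():
    model = train_autoencoder(make_normal(500))
    # Assumed alerting rule: 99th percentile of error on a benign calibration set.
    threshold = np.percentile(recon_error(model, make_normal(500)), 99)
    # Constructed "unseen attack" vectors that break the benign feature relations.
    attacks = np.array([[0.9, 0.1, 0.0, 0.0],
                        [0.2, 0.2, 1.8, 0.9],
                        [0.5, 0.5, 0.0, 1.0]])
    fp_rate = float((recon_error(model, make_normal(500)) > threshold).mean())
    flagged = recon_error(model, attacks) > threshold
    return threshold, fp_rate, flagged

if __name__ == "__main__":
    thr, fp, flagged = demo()
    print(f"threshold={thr:.4f}  false-positive rate={fp:.3f}  attacks flagged={flagged}")
```

The percentile used for the threshold sets the trade-off between false alarms on benign traffic and missed attacks, so it should be calibrated on benign data held out from training.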