Griffin: An Ensemble of AutoEncoders for Anomaly Traffic Detection in SDN

Liyan Yang, Yubo Song, Shang Gao, Bin Xiao, Aiqun Hu

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

1 Citation (Scopus)

Abstract

The Network Intrusion Detection Systems (NIDS) with machine learning in SDN become increasingly popular solutions. NIDS uses abnormal traffic detection to identify unknown network attacks. Most of today's abnormal traffic detection systems are supposed to continuously update the recognition model in time based on the features from newly collected packets to accurately identify unknown network attack behaviors. However, those existing solutions always require a large number of packets to train the recognition model offline. That means it is impossible to accurately detect the emergence of new cyber-attacks immediately. This paper proposes Griffin, a per-packet anomaly detection system that can dynamically update the training model based on neural networks. The Griffin is executed in SDN environment, utilizing a novel ensemble of autoencoders to collectively filter out abnormal traffic from normal traffic. Meanwhile, the autoencoders are updated based on the root mean square error to adjust the training model. The adjustment is done in an unsupervised manner, which needs no expert to label the network traffic or update the model from time to time. Our evaluations, with the open Datasets provided by Yisroel Mirsky, show that Griffin's time delay is around 0. 1s and its accuracy is 98%. Moreover, we also compare Griffin with other four similar NIDSs and find that Griffin performs the best in terms of Matthews Correlation Coefficient and complexity.

Original languageEnglish
Title of host publication2020 IEEE Global Communications Conference, GLOBECOM 2020 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-6
ISBN (Electronic)9781728182988
DOIs
Publication statusPublished - Dec 2020
Event2020 IEEE Global Communications Conference, GLOBECOM 2020 - Virtual, Taipei, Taiwan
Duration: 7 Dec 202011 Dec 2020

Publication series

Name2020 IEEE Global Communications Conference, GLOBECOM 2020 - Proceedings

Conference

Conference2020 IEEE Global Communications Conference, GLOBECOM 2020
Country/TerritoryTaiwan
CityVirtual, Taipei
Period7/12/2011/12/20

Keywords

  • anomaly detection
  • autoencoder
  • ensemble learning
  • network intrusion detection system
  • Software-defined Network

ASJC Scopus subject areas

  • Media Technology
  • Modelling and Simulation
  • Instrumentation
  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Software
  • Safety, Risk, Reliability and Quality

Cite this