Cohen Seffi, Goldshlager Niv, Shapira Bracha, Rokach Lior
Software and Information Systems Engineering, Ben-Gurion University, Beer Sheva P.O. Box 653, Israel.
Entropy (Basel). 2023 May 19;25(5):820. doi: 10.3390/e25050820.
Machine learning-based Network Intrusion Detection Systems (NIDS) are designed to protect networks by identifying anomalous behaviors or improper uses. In recent years, advanced attacks, such as those mimicking legitimate traffic, have been developed to avoid alerting such systems. Previous works mainly focused on improving the anomaly detector itself, whereas in this paper, we introduce a novel method, Test-Time Augmentation for Network Anomaly Detection (TTANAD), which utilizes test-time augmentation to enhance anomaly detection from the data side. TTANAD leverages the temporal characteristics of traffic data and produces temporal test-time augmentations on the monitored traffic data. This method aims to create additional points of view when examining network traffic during inference, making it suitable for a variety of anomaly detector algorithms. Our experimental results demonstrate that TTANAD outperforms the baseline in all benchmark datasets and with all examined anomaly detection algorithms, according to the Area Under the Receiver Operating Characteristic (AUC) metric.