Reviewing the Landscape of Security Anomaly Detection through Deep Learning Techniques

Authors

    Mohammadreza Samadzadeh * University of Tehran, Tehran, Iran samadzadeh@ut.ac.ir
    Elham Farahani Department of Computer Engineering, Faculty of Computer Engineering, Iranian eUniversity, Tehran, Iran
    Seyyed Jafar Seyyedzadeh University of Tehran, Tehran, Iran
https://doi.org/10.61838/jaiai.1.3.5

Keywords:

Security Anomaly Detection, Deep Learning Techniques, Benchmark Datasets, Ethical Considerations, Privacy Preservation

Abstract

Security anomaly detection, a critical element in safeguarding digital systems, has undergone a transformative evolution through the integration of deep learning techniques. This comprehensive review navigates the landscape of security anomaly detection, unveiling the potential and challenges within this realm. The research methodology involved systematic data collection from renowned databases, including Scopus, Web of Science, and Google Scholar. Key topics explored include the integration of deep learning models, benchmark datasets, preprocessing techniques, ethical considerations, and future directions. Deep learning models, such as autoencoders, recurrent neural networks (RNNs), and convolutional neural networks (CNNs), have proven invaluable in enhancing detection accuracy and efficiency. Benchmark datasets like NSL-KDD, CICIDS2017, and UNSW-NB15 have emerged as essential evaluation tools. Tailored preprocessing techniques ensure data readiness for these models. Challenges encompass data imbalance, model interpretability, adversarial attacks, and scalability. Ethical and privacy considerations emphasize privacy preservation, fairness, transparency, and accountability. The convergence of deep learning with security anomaly detection heralds a new era in cybersecurity. While challenges persist, a commitment to ethical principles and exploration of innovative avenues are set to realize the full potential of deep learning for robust, efficient, and responsible security anomaly detection systems, ensuring a safer digital landscape for all.

Published

2024-07-01

Submitted

2024-02-28

Revised

2024-04-29

Accepted

2024-05-28

How to Cite

Samadzadeh, M., Farahani, E., & Seyyedzadeh, S. J. (2024). Reviewing the Landscape of Security Anomaly Detection through Deep Learning Techniques. Journal of Artificial Intelligence, Applications and Innovations, 1(3), 38-48. https://doi.org/10.61838/jaiai.1.3.5
