Protocol Aware Unsupervised Network Intrusion Detection System

In recent years the number of attacks on computer networks has increased exponentially due to the easy availability of sophisticated tools and attack techniques. These attacks are possible due to existing vulnerabilities in networking protocols. Most of the machine learning based intrusion detection systems proposed earlier, to mitigate these attacks, consider training a model for the group of attacks, which doesn't consider protocol-specific properties into account and is biased toward attacks where most of the data is available. In this paper, we propose protocol aware unsupervised method based on an autoencoder-based learning approach to detect the attack in network flows by training the model using only normal traffic and using reconstruction error as the parameter to classify the attack event. Our proposed method is based on building protocol aware model by combining individual protocol-specific encoders and learning the protocol channel importance using attention mechanism. We perform various experiments on different recent datasets like CICDDoS2019, and CICIDS2018, and experimental results show that the proposed protocol aware model performs better than the non-protocol aware method.