In the evolving landscape of cybersecurity, detecting unknown and sophisticated network attacks has become a critical challenge. This paper presents an unsupervised machine learning approach to building a Network Intrusion Detection System (NIDS). The system leverages Autoencoders, Isolation Forest, and K-Means clustering to identify anomalies without relying on predefined labels. The Autoencoder is trained on normal traffic and uses reconstruction error to detect anomalies, enhanced with LeakyReLU activation for better learning stability. Ensemble learning is then employed by combining predictions from the unsupervised models into a Random Forest meta-classifier for improved accuracy and robustness. The proposed hybrid system is evaluated using performance metrics such as precision, recall, F1-score, accuracy, and AUC, achieving significant improvement over individual models. Visualization techniques like PCA and confusion matrices support the interpretability of the results. This approach demonstrates that unsupervised learning, coupled with ensemble techniques, offers a powerful solution for detecting novel and evolving threats in network traffic.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Towards Autonomous Cybersecurity: NIDS Using Unsupervised Learning

  • J. Sam Jebadurai,
  • T. Mathu

摘要

In the evolving landscape of cybersecurity, detecting unknown and sophisticated network attacks has become a critical challenge. This paper presents an unsupervised machine learning approach to building a Network Intrusion Detection System (NIDS). The system leverages Autoencoders, Isolation Forest, and K-Means clustering to identify anomalies without relying on predefined labels. The Autoencoder is trained on normal traffic and uses reconstruction error to detect anomalies, enhanced with LeakyReLU activation for better learning stability. Ensemble learning is then employed by combining predictions from the unsupervised models into a Random Forest meta-classifier for improved accuracy and robustness. The proposed hybrid system is evaluated using performance metrics such as precision, recall, F1-score, accuracy, and AUC, achieving significant improvement over individual models. Visualization techniques like PCA and confusion matrices support the interpretability of the results. This approach demonstrates that unsupervised learning, coupled with ensemble techniques, offers a powerful solution for detecting novel and evolving threats in network traffic.