Anomaly detection is a critical component of cyber security, aimed at identifying potential threats and malicious activities within network environments. However, traditional anomaly-based intrusion detection systems (IDSs) often suffer from high false positive rates, which undermine their effectiveness. This study explores the application of computer vision techniques to anomaly detection by leveraging heat maps as visual representations of network traffic. Using the UNSW-NB15 benchmark dataset, we evaluate the capability of computer vision models to classify attack and non-attack traffic, and compare their performance to traditional machine learning and published deep learning approaches on the same dataset subsets. Both binary and multi-class classification experiments are conducted, with performance evaluated using accuracy, precision, recall, F1 score, and false positive rate (FPR). Initial results show that the proposed binary classification model achieves perfect accuracy (100%) and a 0% FPR in distinguishing between attack and non-attack traffic. In multi-class classification, the model attains a macro-averaged precision of 85.69% and recall of 82.55%, while maintaining a lower average FPR (2.19%) than competing methods. These outcomes highlight the potential of computer vision-based approaches to mitigate false positives—a persistent challenge in anomaly detection. The findings suggest that visualising network traffic through heat maps and analysing them with computer vision models can significantly enhance the accuracy and reliability of anomaly-based IDSs.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhanced Anomaly Detection in Cyber Security by Using Network Traffic Heat Maps

  • Chloe Hulme,
  • Pengyu Li,
  • Ang Yang

摘要

Anomaly detection is a critical component of cyber security, aimed at identifying potential threats and malicious activities within network environments. However, traditional anomaly-based intrusion detection systems (IDSs) often suffer from high false positive rates, which undermine their effectiveness. This study explores the application of computer vision techniques to anomaly detection by leveraging heat maps as visual representations of network traffic. Using the UNSW-NB15 benchmark dataset, we evaluate the capability of computer vision models to classify attack and non-attack traffic, and compare their performance to traditional machine learning and published deep learning approaches on the same dataset subsets. Both binary and multi-class classification experiments are conducted, with performance evaluated using accuracy, precision, recall, F1 score, and false positive rate (FPR). Initial results show that the proposed binary classification model achieves perfect accuracy (100%) and a 0% FPR in distinguishing between attack and non-attack traffic. In multi-class classification, the model attains a macro-averaged precision of 85.69% and recall of 82.55%, while maintaining a lower average FPR (2.19%) than competing methods. These outcomes highlight the potential of computer vision-based approaches to mitigate false positives—a persistent challenge in anomaly detection. The findings suggest that visualising network traffic through heat maps and analysing them with computer vision models can significantly enhance the accuracy and reliability of anomaly-based IDSs.