Anomaly Detection in Networks using Autoencoder and Unsupervised Learning Methods

Abstract: The increasing popularity of networking devices at workplaces leads to an exponential increase in the frequency of network attacks. This leads to having protected networks being more and more important. Because of the increase in network activity workplaces have started to leave anomaly detection in the hands of artificial intelligence. However, the current methods of detecting anomalies can not accurately detect all of them. In this thesis, I propose a training method for autoencoders that shows how k-Means Clustering can be combined with an autoencoder for feature extraction with the use of differential evolution. The features extracted from this autoencoder is then used to classify the network activity of the KDD-99 dataset in order to be able to compare accuracies and false-positive rates with other anomaly detection methods. The results of this thesis show that it is possible to combine k-Means Clustering with autoencoders with the use of differential evolution. However, this proposed training method leads to a decrease in accuracy of classifiers. The classifiers reached around 19% accuracy when using extracted features from the autoencoder using my proposed training method as opposed to around 94% accuracy when using extracted features from an autoencoder that is not combined with k-Means Clustering. However, this research is only a preliminary research, and as such the results of this thesis should not be used for any real anomaly detection systems.