IEEE Access (Jan 2024)

Enhancing Network Traffic Anomaly Detection: Leveraging Temporal Correlation Index in a Hybrid Framework

  • A. H. Nasreen Fathima,
  • S. P. Syed Ibrahim,
  • Ansam Khraisat

DOI
https://doi.org/10.1109/ACCESS.2024.3458903
Journal volume & issue
Vol. 12
pp. 136805 – 136824

Abstract

The modern digital environment is becoming increasingly interconnected, underscoring the critical need to safeguard network infrastructures. Detecting anomalies in network traffic remains essential as cyber threats continue to evolve. Analyzing trends, patterns, and relationships in network traffic data over time poses challenges. On the other hand, traditional generative neural networks emphasize detecting network attacks but encounter difficulties due to limitations in capturing the temporal and dynamic aspects of network traffic. This paper introduces a new methodology aimed at enhancing the identification of irregularities in network traffic using a Temporal Metric-Driven GRU Embedded Generative Neural Network (TMG-GRU-VAE). This method incorporates Gated Recurrent Units (GRU) into variational autoencoders to effectively train on the temporal characteristics of network traffic in temporal sequential networks. Moreover, we present a Temporal Correlation Index (TCI) score designed for anomaly detection in Network Intrusion Detection Systems (NIDS). This innovative metric offers a sophisticated and dynamic assessment of temporal behavior within network traffic. TCI’s ability to distinguish between normal and anomalous temporal patterns plays a pivotal role in mitigating false positives. Our proposed method greatly improves the detection of small changes in abnormal sequences over time, enhancing accuracy by making anomalies stand out more clearly and reducing false alarms, thereby making the system more reliable. The proposed work, validated using the CIC-IDS-2017 and CIC-IDS-2018 datasets, demonstrates a significant decrease in False Positives (FP) across all models. Notable improvements range from 7.2% to 12.9% for the CIC-IDS-2017 dataset and from 7.1% to 14.1% for the CIC-IDS-2018 dataset. This highlights its significant impact on decreasing false positive rates.

Keywords