IEEE Access (Jan 2024)
Enhancing Network Traffic Anomaly Detection: Leveraging Temporal Correlation Index in a Hybrid Framework
Abstract
The modern digital environment is becoming increasingly interconnected, underscoring the critical need to safeguard network infrastructures. Detecting anomalies in network traffic remains essential as cyber threats continue to evolve, yet analyzing trends, patterns, and relationships in network traffic data over time poses challenges. Traditional generative neural networks emphasize detecting network attacks but are limited in capturing the temporal and dynamic aspects of network traffic. This paper introduces a new methodology aimed at enhancing the identification of irregularities in network traffic using a Temporal Metric-Driven GRU Embedded Generative Neural Network (TMG-GRU-VAE). This method incorporates Gated Recurrent Units (GRU) into variational autoencoders to effectively train on the temporal characteristics of network traffic in temporal sequential networks. Moreover, we present a Temporal Correlation Index (TCI) score designed for anomaly detection in Network Intrusion Detection Systems (NIDS). This metric offers a dynamic assessment of temporal behavior within network traffic. TCI’s ability to distinguish between normal and anomalous temporal patterns plays a pivotal role in mitigating false positives. Our proposed method greatly improves the detection of small changes in abnormal sequences over time, enhancing accuracy by making anomalies stand out more clearly and reducing false alarms, thereby making the system more reliable. The proposed work, validated using the CIC-IDS-2017 and CIC-IDS-2018 datasets, demonstrates a significant decrease in False Positives (FP) across all models. Notable improvements range from 7.2% to 12.9% for the CIC-IDS-2017 dataset and from 7.1% to 14.1% for the CIC-IDS-2018 dataset. This highlights its significant impact on decreasing false positive rates.
Keywords