DeepInsight Convolutional Neural Network for Intrusion Detection Systems DeepInsight Convolutional Neural Network for Intrusion Detection Systems Tuan Phong Tran, Van Cuong Nguyen, Ly Vu and Quang Uy[.]
Trang 1DeepInsight-Convolutional Neural Network for
Intrusion Detection Systems
Tuan Phong Tran, Van Cuong Nguyen, Ly Vu and Quang Uy Nguyen
Le Quy Don Technical University, Hanoi, Vietnam
Abstract—Intrusion detection systems (IDSs) play a critical
role in many computer networks to combat attacks from external
environments However, due to the rapid spread of various new
attacks, developing a robust IDS that can effectively detect novel
attacks and prevent them from devastating network systems is
a challenging task Recently, deep neural networks (DNNs) have
been widely used to enhance the accuracy of IDSs in detecting
network intrusions Nevertheless, the performance of DNN highly
depends on the representation of the input data In this paper,
we introduce a novel method called DeepInsight-Convolutional
Neural Network-Intrusion Detection System (DC-IDS) In
CD-IDS, the DeepInsight technique is used to transform the network
traffic data into a new representation in the form of an image
This new representation of the traffic data is then used as the
input of a Convolutional Neural Network (CNN) We evaluate
our proposed technique using an extensive experiment on five
IDS datasets The experimental results show that the proposed
model enhances the performance of IDSs in detecting various
network attacks compared to different popular machine learning
algorithms
Keywords- CNN, DeepInsight, IDS, DC-IDS
Cyber-security intrusion detection plays a crucial role in
protecting information and communication systems, thus it
has received a great attention from the research community in
recent years For example, European countries have invested
a huge amount of budget to build a coherent framework for
securing networks as well as electronic communication
sys-tems [1] However, developing a robust and efficient Intrusion
Detection System (IDS) is one of the most challenging tasks
in the cyber world This is because of the fast growth of the
volume of network data, the difficulty of building an accurate
detection model, and the diversity of data being transferred
via networks
Generally, IDSs are classified into two categories by
methodologies [2], signature-based methods and machine
learning-based methods The signature-based methods match
the signatures of incoming network traffic data with predefined
signatures and filters of intrusions Thus, they effectively
identify known intrusions while unknown malicious behavior
remains undetected Conversely, the machine learning-based
methods focus on detecting patterns and comparing them to
those extracted from regular traffic by using machine learning
models These models are capable of extracting high levels of
features from huge quantities and complex properties of traffic
data Moreover, they are able to detect unknown attacks [3]–
[5]
Due to the effectiveness to detect various network attacks,
a number of machine learning models including traditional
machine learning such as Support Vector Machine (SVM),
Random Forest (RF), Decision Tree (DT) and deep neural networks (DNNs) such as Autoencoder (AE), Convolutional Neural Network (CNN) [6] have been used for IDSs However, the performance of machine learning models highly depends
on the representation of the input data A good representation for the detection problem separates data samples of different classes and thus it favors the machine learning methods
On the contrary, an unsatisfied representation mixes the data samples of different classes and hinders the machine learning algorithms from achieving good performance In xthis paper,
we introduce a new method to improve the accuracy of IDSs by transforming the network traffic data into a new representation in the form of an image using the DeepInsight technique [7] Then, we extract high-level features of network traffic data using a CNN model This proposed technique, namely DeepInsight-Convolutional Neural Network-IDS (DC-IDS), is evaluated on various IDS datasets The experimental results show that DC-IDS enhances the accuracy in detecting network intrusions compared to popular machine learning algorithms
The main contributions of this paper are as follows:
• We propose a method to transform the network traffic into
a new representation using DeepInsight in which each data sample is transformed into an image
• We evaluate the proposed technique by performing inten-sive experiments on five intrusion datasets to show the superiority of the proposed solution
The rest of paper is organized as follows Section II briefly reviews related works on IDS Section III presents the funda-mental background of CNN and DeepInsight The proposed method is then described in Section IV The experimental set-tings are provided in Section V After that, Section VI presents experimental results together with analysis Conclusions and future works are discussed in Section VII
II RELATEDWORK
This section briefly reviews the previous research on the IDS signature-based approach and the machine learning-based approach In the signature-based approach, an IDS usually matches incoming network traffic to some pre-defined pattern that describes the behavior of intrusions If pattern-matching
is successful, the incoming packets will be reported as an intrusion [8] There are an increasing number of studies and enhancements of pattern-matching algorithms The Boyer-Moore (BM) algorithm has been popular in IDSs due to its great efficiency [9] The BM method has several drawbacks, including slow detection speed and high memory consump-tion [10] These drawbacks might affect the robustness of IDSs
in real-world applications
Trang 2The machine learning-based approach has received more
attention due to its effectiveness in IDSs The popular
ma-chine learning models for IDSs include Logistic Regression
(LR) [11], RF [12], SVM [12] and DT [13] These models
are based on hand-crafted data features, thus the performance
of IDSs depends heavily on human experts Recently, deep
neural network (DNN) is used overcome the above
aforemen-tioned limitation of the IDSs using the traditional machine
learning models In [14], the authors described an effective
and flexible IDS based on DNN Their proposed model uses
an one-dimensional CNN (1D-CNN) to enhance the accuracy
of the IDS problem compared with the traditional machine
learning methods, including SVM and RF The authors in [15]
improved the detection accuracy of an IDS using a fully
connected network However, this approach was ineffective
when dealing with time series data, such as distributed denial
of service (DDoS) attacks [15] Ly et al [5], [16] proposed two
new versions of an AutoEncoder and a Variational
AutoEn-coder for learning the representation of network traffic data
Their models improve the accuracy of IoT anomaly detection
problems
CNN has proved to be the most popular and effective DNN
for image analysis problems [17], [18] However, the network
traffic data is not extracted in image form, thus it is challenging
to apply the CNN model to enhance the performance of an
IDS Recently, Sharma et al [7] proposed the DeepInsight
technique that enables the possibility of using CNN to improve
the classification performance of various data types The
au-thors of [7] evaluated classification accuracy across a variety of
datasets, including gene expression, text, vowels, and artificial
datasets The authors compared the DeepInsight method to
popular classifiers such as DT, Ada-Boost (AB), and RF
Experiments demonstrated that DeepInsight outperformed all
other models on all datasets DeepInsight’s accuracy averaged
95% across all datasets, RF was second at 86%, while DT and
AB were 80% and 73%, respectively However, DeepInsight
has not been investigated for analyzing the network traffic data
In this paper, we utilize the benefit of DeepInsight to transform
the network traffic data into the image form This allows the
CNN model to learn effectively from network traffic data to
identify attacks in IDSs
III BACKGROUND
This section presents the fundamental background of
DeepInsight and CNN that will be used in our proposed
technique
A DeepInsight
It is necessary to convert non-image data, such as genes,
text, financial, banking, and network traffic, to image data
before using the CNN model DeepInsight [7] generates
im-ages by grouping similar components or features together and
spacing them apart As a result, this technique improves the
flexibility of CNN by allowing it to cope with non-image data
Fig 1 illustrates the process of DeepInsight to convert data
from a vector to an image This process aims to determine
where features are located in the 2D space First, DeepInsight
x0
x 3
x 2
x 1
x d
.
.
kPCA/
Rotation
Framing & Mapping Pixel
Coordinates
Fig 1: DeepInsight Pipeline An illustration of how DeepIn-sight converts a feature vector to image pixels
uses a dimension reduction method such as t-SNE [19] or principal component analysis (PCA) [20] to produce a two-dimensional plane The data features now are represented by the points in a Cartesian plane [21] Second, the convex hull algorithm [22] is used to determine the smallest rectangle that contains all the points Third, this rectangle is rotated to form an image horizontally or vertically Following that, the Cartesian coordinates are transformed to pixel coordinates by averaging certain characteristics The final step is to associate the feature values with the pixel coordinates If more than one feature acquires the same position in the pixel frame, the corresponding features will be averaged and put in the same location during feature mapping
B Convolutional neural network (CNN) CNN architecture is a type of DNN that is developed rapidly due to it’s effectiveness in extracting features from an image dataset [17] The basic architecture of CNN is described in Fig 2 which has the following layers:
Input Conv + Maxpool
Conv + Maxpool
Conv + Maxpool Conv + Maxpool
Fully Connected Fully Connected Output
Fig 2: The CNN architecture
• Input layer: It receives two-dimensional input data (e.g., image data)
• Convolutional layer: It is the primary component of CNN
It generates an output by multiplying a portion of the image by a kernel (filter) Convolution is accomplished by sliding the kernel over the input image At each position,
Trang 3matrix multiplication is done element-wise, followed by
a cumulative total throughout the multiplication range
• Max pooling layer: Pooling is the next operation after
convolution It is used to reduce the dimension of the
feature map without affecting the depth In max pooling,
we slide the window across the feature map and take the
maximum value of the window
• Fully connected layer: By adding weight and bias to each
connected neuron in the current layer, fully connected
layers, also known as dense layers, connect each neuron
in the current layer to every neuron in the preceding layer
• Output layer: This layer is configured depending on the
type of machine learning task
IV METHODS
This section presents our proposed model that utilizes the
strength of DeepInsight and CNN to improve the accuracy of
IDSs We named the proposed model DeepInsight-CNN-IDS
(DC-IDS) Fig 3 illustrates the architecture of the DC-IDS
model
Network
Dataset
Image Dataset CNN Model
Output
Fig 3: DC-IDS architecture
A Data pre-processing
Because IDS datasets are gathered from a variety of sources,
they need to be processed before being used as input to the
model First, the samples with null values are eliminated
Second, we removed features that do not generally describe
network behavior, such as Flow ID, Source IP, Destination IP
and Time stamp Third, categorical features will be
trans-formed to numerical types by one-hot encoding Finally, the
datasets will be rescaled to the range of 0 and 1
B Image Transformation
After preprocessing, the data is fed into the DeepInsight
model for image transformation In DeepInsight, there are
three feature extraction options, including t-SNE, PCA, and
kernel PCA (kPCA) Fig 4 presents the output of a sample
randomly selected from the Phishing Websites dataset [23]
using these three options This figure shows that the t-SNE can
generate a higher quality image since the image has discrepant
locations Thus, we selected t-SNE for our DC-IDS model
Fig 4: An illustration showing the difference when using dif-ferent feature extraction methods with the same data sample
Conv Layer ReLU Layer Conv Layer ReLU Layer Max-pool Layer Max-pool Layer Flatten Layer Dropout Layer Dense Layer Dense Layer Dense Layer Softmax Layer
Input
Fig 5: CNN architecture used in DC-IDS
C Classification Once converted into an image form, the network traffic data
in the form of images is input to the CNN model Fig 5 illustrates the CNN architecture of our proposed technique The CNN model includes two blocks, each of which has a 2D Convolution layer, a ReLU activation layer, and a Max Pooling layer The output of the second block is flattened and fed to
a Dropout layer The Dropout layer is used to randomly set neurons to 0 for preventing overfitting Several dense layers and the Softmax layer are utilized for classification
This section presents the datasets, the performance metric, and the experimental settings used in the paper
A Dataset The experiment was conducted using five IDS datasets, including Phishing Websites [23], Spambase [23], CIC-IDS
2017 [24], BGP-RIPE and BGP-Route Views [25] Table I shows these datasets in detail The features of data are originally formed as one-dimensional vectors We randomly divided the datasets into a training set (80%) and a testing set (20%) except for the CIC-IDS 2017 dataset, since this dataset has been divided into independent training and testing sets For early stopping, we randomly selected 10% data samples from the training set for validation If the validated accuracy
is decreased by 10 epoches, the training process is stopped
• The Spambase dataset [23] was constructed from spam e-mail collection using postmaster and reported spam The label indicates whether the email was classified as spam (1) or not (0) The majority of the characteristics reflect the frequency of presence of a specific word or character
in the e-mail
• The Phishing dataset [26] has the fewest features among the datasets in our experiments The bulk of the attributes
in this data collection are binary in nature, which assess the criteria for determining whether a sample is a phishing website attack or not
Trang 4TABLE I: General information about datasets.
Phishing
Websites
BGP-Route
Views
CIC-IDS
2017
• Both BGP-RIPE and BGP-Route Views are Border
Gate-way Protocol (BGP) datasets [25] that were collected
through RIPE (Reseaux IP Europeens) NCC (Network
Coordination Center) and project Route Views,
respec-tively Two BGP datasets contain information which was
analyzed from five well-known BGP attacks, including
WannaCrypt, Moscow Blackout, Slammer, Nimda, Code
Red I, and a subset of harmless traffic
• The CIC-IDS-2017 dataset [24] is a contemporary
anomaly-based dataset that includes benign and the most
popular attacks [27] This dataset contains about 3 million
network flows [24] In the experiments, we only used 10%
of the data samples for training and testing in order to
decrease training and testing times
B Evaluation Method
We use a popular and reliable performance metric, Area
Under Curve (AUC), to evaluate the tested methods The AUC
value is calculated based on the True Positive Rate (TPR) and
the False Positive Rate (FPR):
TPR= TP
FPR= FP
where TP and FP denote the number of correctly predicted
samples for a single class, respectively, while TN and FN
denote the number of correctly predicted samples for all other
classes
We then plot TPR and FPR at different classification
thresh-olds to get the Receiver Operating Characteristic (ROC) curve
The AUC is then defined as the total area under the ROC curve
A higher AUC indicates a better model at classifying different
classes correctly This metric indicates the average quality of
a classification model over a range of threshold values
C Experimental Setting
We implemented the experiments using two popular
ma-chine learning frameworks, i.e., TensorFlow [28] and
Scikit-Learn [29] We compared our proposed model to the four
traditional machine learning models (i.e., SVM [12], DT [13],
LR [11], RF [12]) and two DNN models (i.e., AE [30] and
1D-CNN [31]) With traditional machine learning models,
we utilized the default Skicit-Learn parameters The hyper-parameters of the AE and 1D-CNN are used the same as in the previous works [32] and in [31], respectively We set the general hyper-parameters of the DC-IDS model as in Table II
TABLE II: DC-CNN hyper-parameters
VI RESULTS ANDDISCUSSIONS
This sections presents the experimental results in the four following scenarios
• Accuracy Comparison: Evaluating the accuracy of the proposed model in comparison to that of the other mod-els
• Lack of training data: Measuring the influence of the lack
of training data problems on IDSs
• Lack of training attack type: Evaluating the ability of machine learning models to detect unknown attacks
• Predicting time: Comparing the predicting time between all evaluated models
A Accuracy Comparison Table III presents the AUC of DC-IDS compared to the other tested methods The table shows that our proposed model, DC-IDS, has higher accuracy than those achieved
by the other models For example, compared with RF, AE, and 1D-CNN, DC-IDS improves the AUC score by 0.001, 0.123, and 0.226, respectively, on the CIC-IDS 2017 dataset Similarly, the DC-IDS’s AUC score on the BGP-RIPE dataset
is 0.954, whereas the second best model’s AUC score is 0.940 The results from BGP-Route Views and Spambase also show the best performance of DC-IDS On the Phishing Websites dataset, DC-IDS achieves the second best AUC behind RF TABLE III: AUC for both DC-IDS and the competitors on all datasets The best results are in bold
BGP-Route Views
CIC-IDS 2017
Phishing Websites
To better understand the reason for the better results of DC-IDS compared to the other methods, we visualize the
Trang 5representation of network traffic data of DC-IDS, AE, and
1D-CNN using the Spambase dataset The visualized vector of AE
is its latent layer, while the visualized vectors of DC-IDS and
1D-CNN are their flatten layer This visualization is presented
in Fig 6 This figure shows that the normal and attack traffic
can be separated well when using DC-IDS compared to AE
and 1D-CNN Thus, DS-IDS often achieves a higher AUC
value than AE and 1D-CNN
(a) 1D-CNN
(b) AE
(c) DC-IDS
Fig 6: Data representation using (a) 1D-CNN, (b) AE and (c)
DC-IDS
B Lack of training sample
The lack of training data may have an adverse bearing
on classification performance To assess the strength of the
proposed model with the lack of training data, we conducted
experiments with various training dataset sizes by randomly
selecting training samples from the original training dataset
We compared the AUC scores of the proposed model, i.e.,
DC-IDS to those of the other models on the most
up-to-date IDS dataset, i.e., the CIC-IDS 2017 dataset The results
tested on the original test set are presented in Table IV This
table demonstrates that the proposed model outperforms other
models in the case of the lack of the training data Specifically,
the proposed model achieved the best performance across
all training dataset sizes When the number of training data
samples is decreased from 265927 to 1000 samples, the AUC
score of the DC-IDS model is reduced only by 0.16 while LR,
DT, RF, SVM, and AE are decreased by 0.34, 0.64, 0.25, 0.29 and 0.61, respectively These results show that our proposed model is robust with the lack of the training data
TABLE IV: AUC for both DC-IDS and the competitors on CIC-IDS dataset with different sized training datasets The best results are in bold
samples
C Lack of training attack type This subsection evaluates the ability of DC-IDS to detect unknown attacks We eliminated the DoS Hulk attack type in the training set of the CIC-IDS 2017 Thus, this attack type is considered an unknown attack Fig 7 shows AUC scores of the evaluated models trained by the CIC-IDS 2017 dataset without the DoS Hulk attack The AUC scores of DC-IDS, 1D-CNN,
AE, SVM, RF, DT, and LR trained without the DoS Hulk attack samples are 0.971, 0.761, 0.796, 0.957, 0.942, 0.849, and 0.885, respectively Thus, the ability to detect unknown attacks by the DC-IDS model outperforms all other models
LR DT RF SVM AE 1D-CNN DC-IDS
0.885 0.849 0.942 0.957 0.796
0.761
0.971
Fig 7: AUC for both DC-IDS and the competitors on CIC-IDS dataset with training dataset that is devoid of DoS Hulk samples
D Predicting time This subsection presents the processing time to predict one data sample As shown in Fig 8, the predicting time of the DNN-based IDS models (i.e., AE, 1D-CNN, and DC-IDS) is much higher than the traditional machine learning-based IDS models (i.e., LR, DT, and RF) The reason is that the DNN models usually have a complex architecture compared with others However, this figure also shows that the predicting time
of the proposed model ranges from 30 to 45 milliseconds in various datasets, and these values are adequate in real-world network systems [33]
Trang 6Fig 8: Predicting time comparison (in milliseconds).
VII SUMMARY
IDS is a topic of interest for academic and industrial
researchers The most widely used methods for IDS are
machine learning-based models However, the complicated
representation of network traffic data is hard for some machine
learning-based models, especially DNN This paper proposed
a robust IDS, namely DC-IDS, based on DNN The proposed
model converts the network traffic data into image form using
DeepInsight Then, this new representation is fitted to the CNN
model The experimental results show that our proposed model
outperforms other IDS based on machine learning in various
evaluation aspects In the future, we plan to extend this work
by applying the Bayesian Optimization technique [34] for
DC-IDS to find the best hyper-parameters for our proposed model
This research is funded by Vietnam National Foundation for
Science and Technology Development (NAFOSTED) under
grant number 102.05-2019.05
[1] J Farwell and R Rohozinski, “Stuxnet and the future of cyber war,”
Survival, vol 53, pp 23–40, 02 2011.
[2] D Han, Z Wang, Y Zhong, W Chen, J Yang, S Lu, X Shi, and
X Yin, “Evaluating and improving adversarial robustness of machine
learning-based network intrusion detectors,” IEEE Journal on Selected
Areas in Communications, vol 39, no 8, p 2632–2647, Aug 2021.
[3] L Sacramento, I Medeiros, J Bota, and M Correia, Detecting Botnets
and Unknown Network Attacks in Big Traffic Data, 03 2019.
[4] M Al-Zewairi, S Almajali, and M Ayyash, “Unknown security attack
detection using shallow and deep ann classifiers,” Electronics, vol 9, p.
2006, 11 2020.
[5] L Vu, V L Cao, Q U Nguyen, D N Nguyen, D T Hoang,
and E Dutkiewicz, “Learning latent representation for iot anomaly
detection,” IEEE Transactions on Cybernetics, pp 1–14, 2020.
[6] M Z Alom and T M Taha, “Network intrusion detection for cyber
security using unsupervised deep learning approaches,” in 2017 IEEE
National Aerospace and Electronics Conference (NAECON), 2017, pp.
63–69.
[7] A Sharma, E Vans, D Shigemizu, K Boroevich, and T Tsunoda,
“Deepinsight: A methodology to transform a non-image data to an image
for convolution neural network architecture,” Scientific Reports, vol 9,
08 2019.
[8] J Yuan, J Zheng, and S Ding, “An improved pattern matching
algo-rithm,” in 2010 Third International Symposium on Intelligent
Informa-tion Technology and Security Informatics, 2010, pp 599–603.
[9] A Hasan, N Abdul Rashid, A Akram Abdulrazzaq, and M Abu-Hashem, “String matching algorithms for intrusion detection system
a survey and taxonomy,” International Journal of Advancements in Computing Technology, vol 5, pp 317–333, 04 2013.
[10] F Du, “An effective pattern matching algorithm for intrusion detection,”
in 2012 International Conference on Computer Science and Electronics Engineering, vol 3, 2012, pp 34–38.
[11] B Subba, S Biswas, and S Karmakar, “Intrusion detection systems using linear discriminant analysis and logistic regression,” 2015 Annual IEEE India Conference (INDICON), pp 1–6, 2015.
[12] I Ahmad, M Basheri, J Iqbal, and A Raheem, “Performance com-parison of support vector machine, random forest, and extreme learning machine for intrusion detection,” IEEE Access, vol PP, pp 1–1, 05 2018 [13] H Somashekar, “Performance analysis of decision tree classifier in network intrusion detection system,” International Journal of Innovative Research in Science Engineering and Technology, vol 10, p 9, 06 2021 [14] Y Ding and Y Zhai, “Intrusion detection system for nsl-kdd dataset using convolutional neural networks,” in Proceedings of the 2018 2nd In-ternational Conference on Computer Science and Artificial Intelligence,
12 2018, pp 81–85.
[15] J Kim, N Shin, S Jo, and S Kim, “Method of intrusion detection using deep neural network,” 02 2017, pp 313–316.
[16] L Vu, V L Cao, Q U Nguyen, D N Nguyen, D T Hoang, and
E Dutkiewicz, “Learning latent distribution for distinguishing network traffic in intrusion detection system,” in ICC 2019 - 2019 IEEE Inter-national Conference on Communications (ICC), 2019, pp 1–6 [17] D Wagh, “Classification of image using convolutional neural networks,” International Journal for Research in Applied Science and Engineering Technology, vol 9, pp 1212–1214, 08 2021.
[18] M Saqib, N Sharma, S Khan, and M Blumenstein, “A study on detecting drones using deep convolutional neural networks,” 08 2017 [19] L Maaten and G Hinton, “Visualizing high-dimensional data using t-sne,” Journal of Machine Learning Research, vol 9, pp 2579–2605, 01 2008.
[20] A Garc’ia-Gonz’alez, A Huerta, S Zlotnik, and P D’iez, “A kernel principal component analysis (kpca) digest with a new backward map-ping (pre-image reconstruction) strategy,” ArXiv, vol abs/2001.01958, 2020.
[21] F Simons and D Wang, “Spatiospectral concentration in the cartesian plane,” Gem - International Journal on Geomathematics, vol 2, pp 1–36, 04 2011.
[22] L Li, S Luo, X.-C Tai, and J Yang, A Variational Convex Hull Algorithm, 06 2019, pp 224–235.
[23] D Dua and C Graff, “UCI machine learning repository,” [Online] Available: http://archive.ics.uci.edu/ml, 2017, Accessed: 2021-09-10 [24] I Sharafaldin, A Habibi Lashkari, and A Ghorbani, “Toward generating
a new intrusion detection dataset and intrusion traffic characterization,”
01 2018, pp 108–116.
[25] A Gonzalez Rios, Z Li, G Xu, A Diaz, and L Trajkovic, “Detecting network anomalies and intrusions in communication networks,” 04 2019 [26] R Mohammad, “Predicting phishing websites based on self-structuring neural network,” Neural Computing and Applications, 12 2013 [27] M Prasad, S Tripathi, and K Dahal, “An efficient feature selection based bayesian and rough set approach for intrusion detection,” Applied Soft Computing, vol 87, p 105980, 12 2019.
[28] D Yeboah, M Sanoussi, and G Agordzo, “Image classification using tensorflow gpu,” 08 2021, pp 1–5.
[29] P Chary and R Singh, “Review on advanced machine learning model: Scikit-learn,” vol 3, pp 526–529, 09 2020.
[30] N Shone, N Tran Nguyen, P Vu Dinh, and Q Shi, “A deep learning ap-proach to network intrusion detection,” IEEE Transactions on Emerging Topics in Computational Intelligence, vol 2, pp 41–50, 02 2018 [31] Y XU, X ZHANG, T YE, Z QIU, L ZHANG, H ZHANG, and
Y WU, “1d cnn for feature reconstruction on network threat detec-tion,” in 2021 13th International Conference on Machine Learning and
Computing Machinery, 2021, p 127–132.
[32] H Mac, D Tran, and H.-A Tran, “Detecting attacks on web applications using autoencoder,” 12 2018.
[33] T Buddhika and S Pallickara, “Neptune: Real time stream processing for internet of things and sensing environments,” in 2016 IEEE Inter-national Parallel and Distributed Processing Symposium (IPDPS), 05
2016, pp 1143–1152.
[34] J Snoek, H Larochelle, and R P Adams, “Practical bayesian optimiza-tion of machine learning algorithms,” in NIPS, 2012.