Enhancing Cybersecurity Through Comparative Analysis of Deep Learning Models for Anomaly Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21260%2F24%3A00379945" target="_blank" >RIV/68407700:21260/24:00379945 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.5220/0012312800003648" target="_blank" >https://doi.org/10.5220/0012312800003648</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.5220/0012312800003648" target="_blank" >10.5220/0012312800003648</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Enhancing Cybersecurity Through Comparative Analysis of Deep Learning Models for Anomaly Detection

Popis výsledku v původním jazyce

With the increasing complexity of cyber attacks, traditional methods for anomaly detection in cybersecurity are insufficient, leading to the necessity of integrating deep learning and neural network approaches. This paper presents a comparative analysis of the most powerful deep learning methods for such anomaly detection. We analysed existing datasets for syslog and dataflow, compared several preprocessing methods and identified their strengths and weaknesses. Additionally, we trained and evaluated several deep learning models to provide a comprehensive overview of the current state-of-the-art in cybersecurity. The CNN model achieves excellent results, with 0.999 supervised and 0.938 semi-supervised F1-score in syslog anomaly detection on the BGL dataset and 0.985 F1-score in dataflow anomaly detection on the NIDS dataset. This research contributes to the field of cybersecurity by aiding researchers and practitioners in selecting effective deep-learning models for robust real-life anomaly detection systems. Our findings highlight the reusability of these models in real-life systems.

Název v anglickém jazyce

Enhancing Cybersecurity Through Comparative Analysis of Deep Learning Models for Anomaly Detection

Popis výsledku anglicky

With the increasing complexity of cyber attacks, traditional methods for anomaly detection in cybersecurity are insufficient, leading to the necessity of integrating deep learning and neural network approaches. This paper presents a comparative analysis of the most powerful deep learning methods for such anomaly detection. We analysed existing datasets for syslog and dataflow, compared several preprocessing methods and identified their strengths and weaknesses. Additionally, we trained and evaluated several deep learning models to provide a comprehensive overview of the current state-of-the-art in cybersecurity. The CNN model achieves excellent results, with 0.999 supervised and 0.938 semi-supervised F1-score in syslog anomaly detection on the BGL dataset and 0.985 F1-score in dataflow anomaly detection on the NIDS dataset. This research contributes to the field of cybersecurity by aiding researchers and practitioners in selecting effective deep-learning models for robust real-life anomaly detection systems. Our findings highlight the reusability of these models in real-life systems.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/TM03000055" target="_blank" >TM03000055: Vícedimenzionální detekce a automatizovaná reakce s využitím umělé inteligence</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 10th International Conference on Information Systems Security and Privacy 2024

ISBN

978-989-758-683-5

ISSN

2184-4356

e-ISSN

2184-4356

Počet stran výsledku

9

Strana od-do

682-690

Název nakladatele

SciTePress

Místo vydání

Madeira

Místo konání akce

Rome

Datum konání akce

26. 2. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—