Efficient anomaly detection through surrogate neural networks
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21340%2F22%3A00361258" target="_blank" >RIV/68407700:21340/22:00361258 - isvavai.cz</a>
Alternative codes found
RIV/67985556:_____/22:00577938
Result on the web
<a href="https://doi.org/10.1007/s00521-022-07506-9" target="_blank" >https://doi.org/10.1007/s00521-022-07506-9</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/s00521-022-07506-9" target="_blank" >10.1007/s00521-022-07506-9</a>
Alternative languages
Result language
English
Title in original language
Efficient anomaly detection through surrogate neural networks
Result description in original language
Anomaly Detection can be viewed as an open problem despite the growing plethora of known anomaly detection techniques. The applicability of various anomaly detectors can vary depending on the application area and problem settings. Especially in the Big Data industrial setting, an important problem is inference speed, which may render even a highly accurate anomaly detector useless. In this paper, we propose to address this problem by training a surrogate neural network based on an auxiliary training set approximating the source anomaly detector output. We show that existing anomaly detectors can be approximated with high accuracy and with application-enabling inference speed. We compare our approach to a number of state-of-the-art algorithms: one class k-nearest-neighbors (kNN), local outlier factor, isolation forest, auto-encoder and two types of generative adversarial networks. We perform this comparison in the context of an important problem in cyber-security—the discovery of outlying (and thus suspicious) events in large-scale computer network traffic. Our results show that the proposed approach can successfully replace the most accurate but prohibitively slow kNN. Moreover, we observe that the surrogate neural network may even improve the kNN accuracy. Finally, we discuss various implications that the proposed approach can have while reducing the complexity of applied anomaly detection systems.
Classification
Type
J<sub>imp</sub> - Article in a periodical indexed in the Web of Science database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
—
Linkages
S - Specific research at universities
Other
Year of application
2022
Data confidentiality code
S - Complete and true data about the project are not subject to protection under special legal regulations
Data specific to the result type
Periodical name
Neural Computing and Applications
ISSN
0941-0643
e-ISSN
1433-3058
Periodical volume
34
Issue number within the volume
23
Country of the periodical's publisher
GB - United Kingdom of Great Britain and Northern Ireland
Number of pages of the result
15
Pages from-to
20491-20505
UT WoS code of the article
000819338100001
EID of the result in the Scopus database
2-s2.0-85133284278