An Algorithm for the Initial Detection of Malicious Traffic Based on the Autoencoder Reconstruction Error and a Variational Model: the Influence of the Error Distribution Density on the Performance Indicators of the Models
DOI: https://doi.org/10.17072/1993-0550-2025-2-47-64

Keywords: autoencoders, variational models, zero-day attack detection, reconstruction error

Abstract
The emergence of new, sophisticated types of attacks forces the computer security research community to constantly improve detection tools and response methods. The present study explores the factors in autoencoders and variational models that influence their effectiveness in identifying novel attack types and malicious network traffic. The general idea of the proposed algorithm is to construct a confidence interval for the reconstruction error of the training sample; a decision on whether a particular traffic flow is malicious is then made according to whether its reconstruction error falls outside that interval. Additional emphasis was placed on selecting an appropriate error metric so as to minimize the overlap between the density distributions of reconstruction errors for normal and malicious traffic. For the variational model, the effect of using the t-distribution on the quality of detecting new attack types was investigated. The experiments were conducted on the CIC-IDS2017 dataset of the Canadian Cybersecurity Institute, which contains up to 14 types of traffic and attacks. The experimental results show that, with a competent choice of error measure and of the threshold values of the confidence interval, our models outperform existing analogues on various performance indicators.
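The decision rule sketched in the abstract can be made concrete with a small, self-contained experiment. The code below is an added illustration, not the authors' implementation: it replaces the paper's neural autoencoder with a rank-1 linear autoencoder (a single principal direction fitted by power iteration), builds the "confidence interval" as a one-sided empirical quantile of the training-sample reconstruction errors (the paper does not state how its interval is constructed, so this is an assumption), and compares MSE and MAE as error measures through the overlap coefficient of the two error histograms, which is the quantity the abstract says should be minimized. The flow records are constructed synthetic three-feature vectors, not CIC-IDS2017 data; the "normal" flows lie near a line in feature space and the "attack" flows deviate from it.

```python
import math
import random

# --- Error measures between an input flow and its reconstruction ---------
def mse(x, x_hat):
    """Mean squared error per flow."""
    return sum((a - b) ** 2 for a, b in zip(x, x_hat)) / len(x)

def mae(x, x_hat):
    """Mean absolute error per flow."""
    return sum(abs(a - b) for a, b in zip(x, x_hat)) / len(x)

# --- Stand-in for the autoencoder: rank-1 linear model (assumption) --------
def fit_linear_autoencoder(train, iters=100):
    """Return (mean, principal direction) of the normal training flows.
    The direction is the top covariance eigenvector found by power iteration."""
    d, n = len(train[0]), len(train)
    mu = [sum(row[i] for row in train) / n for i in range(d)]
    centered = [[row[i] - mu[i] for i in range(d)] for row in train]
    cov = [[sum(r[i] * r[j] for r in centered) / n for j in range(d)] for i in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = math.sqrt(sum(c * c for c in w))
        v = [c / norm for c in w]
    return mu, v

def reconstruct(model, x):
    mu, v = model
    z = sum((x[i] - mu[i]) * v[i] for i in range(len(x)))  # encode to one latent value
    return [mu[i] + z * v[i] for i in range(len(x))]        # decode back to feature space

# --- Upper bound of the training-error interval (assumed construction) ------
def upper_bound(errors, alpha=0.01):
    """One-sided empirical (1 - alpha) quantile of the training reconstruction errors."""
    s = sorted(errors)
    k = max(0, min(len(s) - 1, math.ceil((1 - alpha) * len(s)) - 1))
    return s[k]

def classify(model, flows, metric, threshold):
    """True = flagged as malicious (error above the interval's upper bound)."""
    return [metric(x, reconstruct(model, x)) > threshold for x in flows]

def overlap_coefficient(errs_a, errs_b, bins=50):
    """Histogram overlap of two error distributions on a shared grid (0 = disjoint, 1 = identical)."""
    lo, hi = min(min(errs_a), min(errs_b)), max(max(errs_a), max(errs_b))
    width = (hi - lo) / bins or 1.0
    def hist(errs):
        h = [0] * bins
        for e in errs:
            h[min(bins - 1, int((e - lo) / width))] += 1
        return [c / len(errs) for c in h]
    return sum(min(p, q) for p, q in zip(hist(errs_a), hist(errs_b)))

# --- Constructed sample flows (synthetic, not CIC-IDS2017) -------------------
def make_flows(n, kind, rng):
    flows = []
    for _ in range(n):
        t = rng.uniform(1.0, 10.0)
        if kind == "normal":   # features scale together along one direction
            flows.append([t + rng.gauss(0, 0.05), 2 * t + rng.gauss(0, 0.05), 3 * t + rng.gauss(0, 0.05)])
        else:                  # second feature breaks the normal proportion
            flows.append([t + rng.gauss(0, 0.05), 0.5 * t + rng.gauss(0, 0.05), 3 * t + rng.gauss(0, 0.05)])
    return flows

def run_experiment(metric=mse, alpha=0.01, seed=7):
    """Fit on normal traffic only, derive the threshold, score held-out normal and attack flows."""
    rng = random.Random(seed)
    train = make_flows(500, "normal", rng)
    test_normal = make_flows(200, "normal", rng)
    attacks = make_flows(200, "attack", rng)
    model = fit_linear_autoencoder(train)
    threshold = upper_bound([metric(x, reconstruct(model, x)) for x in train], alpha)
    fpr = sum(classify(model, test_normal, metric, threshold)) / len(test_normal)
    tpr = sum(classify(model, attacks, metric, threshold)) / len(attacks)
    overlap = overlap_coefficient([metric(x, reconstruct(model, x)) for x in test_normal],
                                  [metric(x, reconstruct(model, x)) for x in attacks])
    return {"threshold": threshold, "fpr": fpr, "tpr": tpr, "overlap": overlap}

if __name__ == "__main__":
    for name, metric in (("mse", mse), ("mae", mae)):
        print(name, run_experiment(metric=metric))
```

Two points carry over to a real deployment. The threshold is derived from normal traffic alone, so `alpha` directly sets the expected false-positive rate on traffic that resembles the training sample; and the overlap coefficient, computed on a held-out set, is a metric-selection criterion that can be evaluated before any attack labels are needed at inference time.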
Copyright (c) 2025 Adeyemi Marc Aurele Emmanuel Djeguede

This work is licensed under a Creative Commons Attribution 4.0 International License.
Articles are published under license Creative Commons Attribution 4.0 International (CC BY 4.0).
