Network intrusion detection is a constantly evolving field with researchers and practitioners constantly working to keep up with novel attacks and growing amounts of network data. Traditionally, signature-based techniques and deep packet inspection have been employed, however, the volume of data and complexity of network attacks has made these techniques overbearing and susceptible to zero-day attacks. For this reason, there has been a shift in focus to explore the power of deep learning anomaly-based methods to perform network intrusion detection. In this dissertation we develop and explore several deep learning techniques and their application to performing anomaly-based network intrusion detection. Central to the work is an exploration of the development of unique feature sets using autoencoder feature residuals which have traditionally been overlooked in favor of aggregate residuals. We show that using feature sets generated using autoencoder feature residuals provide an improvement in downstream classifier performance compared to an original feature set for network intrusion detection. In doing so, we find that these overlooked byproducts of anomaly-based methods can be used as a drop-in replacement for an original feature set, meeting or exceeding its performance.

Creator

• Lewandowski, Brian

Contributors

• Murai, Fabricio
• Li, Yanhua
• Paffenroth, Randy Clinton
• Leslie, Nandi

Degree

• PhD

Unit

• Computer Science

Publisher

• Worcester Polytechnic Institute

Identifier

• etd-112577

Advisor

• Paffenroth, Randy Clinton

Orcid

• https://orcid.org/0009-0009-0262-6481

Committee

• Murai, Fabricio
• Li, Yanhua
• Leslie, Nandi

Defense date

• 2023-08-01

Year

• 2023

Sponsor

• Raytheon Technologies

Date created

• 2023-08-02

Resource type

• Dissertation

Source

• etd-112577

Rights statement

• In Copyright

Last modified

• 2023-08-23