TTANAD: Test-Time Augmentation for Network Anomaly Detection

Seffi Cohen, Niv Goldshlager, Bracha Shapira, Lior Rokach

Research output: Contribution to journalArticlepeer-review

Abstract

Machine learning-based Network Intrusion Detection Systems (NIDS) are designed to protect networks by identifying anomalous behaviors or improper uses. In recent years, advanced attacks, such as those mimicking legitimate traffic, have been developed to avoid alerting such systems. Previous works mainly focused on improving the anomaly detector itself, whereas in this paper, we introduce a novel method, Test-Time Augmentation for Network Anomaly Detection (TTANAD), which utilizes test-time augmentation to enhance anomaly detection from the data side. TTANAD leverages the temporal characteristics of traffic data and produces temporal test-time augmentations on the monitored traffic data. This method aims to create additional points of view when examining network traffic during inference, making it suitable for a variety of anomaly detector algorithms. Our experimental results demonstrate that TTANAD outperforms the baseline in all benchmark datasets and with all examined anomaly detection algorithms, according to the Area Under the Receiver Operating Characteristic (AUC) metric.

Original languageEnglish
Article number820
JournalEntropy
Volume25
Issue number5
DOIs
StatePublished - 19 May 2023

Keywords

  • NIDS
  • TTA
  • anomaly detection
  • time series

ASJC Scopus subject areas

  • Information Systems
  • Mathematical Physics
  • Physics and Astronomy (miscellaneous)
  • General Physics and Astronomy
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'TTANAD: Test-Time Augmentation for Network Anomaly Detection'. Together they form a unique fingerprint.

Cite this