Automatic Determination of the Attack Detection Threshold in Computer Networks Using Autoencoders
This work addresses a specific issue in digital security for computer networks, but it appears incremental as it applies existing machine learning methods to a known bottleneck in anomaly detection.
The paper tackled the problem of non-standardized separation thresholds in autoencoder-based anomaly detection systems, which impact detection performance, by proposing an automatic threshold definition method using machine learning algorithms and evaluating K-Nearest Neighbors, K-Means, and Support Vector Machine.
Currently, digital security mechanisms like Anomaly Detection Systems using Autoencoders (AE) show great potential for bypassing problems intrinsic to the data, such as data imbalance. Because AEs use a non-trivial and non-standardized separation threshold to classify the extracted reconstruction error, the definition of this threshold directly impacts the performance of the detection process. Thus, this work proposes the automatic definition of this threshold using machine learning algorithms. For this, three algorithms were evaluated: K-Nearest Neighbors, K-Means, and the Support Vector Machine.
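An added example, not code from the paper: one way a clustering algorithm such as K-Means can set the reconstruction-error threshold automatically instead of a hand-picked cut-off. The midpoint rule, the function names and the error values are assumptions constructed for illustration.

```python
# Added illustration: derive an anomaly threshold from autoencoder
# reconstruction errors with 1-D K-Means (k = 2). Not the paper's code.

# Constructed sample: per-flow reconstruction errors from a hypothetical
# autoencoder trained on benign traffic (imbalanced: few attack flows).
SAMPLE_ERRORS = [0.010, 0.012, 0.015, 0.020, 0.018, 0.025, 0.030,
                 0.022, 0.014, 0.016, 0.45, 0.52, 0.38]


def kmeans_threshold(errors, max_iter=100):
    """Cluster 1-D errors into two groups with Lloyd's algorithm.

    Returns (threshold, low_centroid, high_centroid).
    Assumption: the threshold is the midpoint between the two centroids,
    which is the 1-D decision boundary of a 2-means model.
    """
    if len(errors) < 2 or min(errors) == max(errors):
        raise ValueError("need at least two distinct error values")
    lo, hi = min(errors), max(errors)  # deterministic initial centroids
    for _ in range(max_iter):
        cut = (lo + hi) / 2.0
        low = [e for e in errors if e <= cut]   # assigned to 'normal'
        high = [e for e in errors if e > cut]   # assigned to 'anomalous'
        new_lo = sum(low) / len(low)
        new_hi = sum(high) / len(high)
        if new_lo == lo and new_hi == hi:       # assignments are stable
            break
        lo, hi = new_lo, new_hi
    return (lo + hi) / 2.0, lo, hi


def classify(errors, threshold):
    """Flag a sample as an attack when its error exceeds the threshold."""
    return [e > threshold for e in errors]


if __name__ == "__main__":
    thr, lo, hi = kmeans_threshold(SAMPLE_ERRORS)
    flags = classify(SAMPLE_ERRORS, thr)
    print(f"centroids: normal={lo:.4f} anomalous={hi:.4f}")
    print(f"threshold={thr:.4f}, flagged {sum(flags)} of {len(flags)} flows")
```

Because the threshold is fit to the error distribution itself, it should be recomputed whenever the autoencoder is retrained or the traffic mix changes.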