Better Anomaly Detection for Access Attacks Using Deep Bidirectional LSTMs

Henry Clausen, Gudmund Grov, Marc Sabate, David Aspinall

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Recent evaluations show that the current anomaly-based network intrusion detection methods fail to detect remote access attacks reliably [10]. Here, we present a deep bidirectional LSTM approach that is designed specifically to detect such attacks as contextual network anomalies. The model efficiently learns short-term sequential patterns in network flows as conditional event probabilities to identify contextual anomalies. To verify our improvements on current detection rates, we re-implemented and evaluated three state-of-the-art methods in the field. We compared results on an assembly of datasets that provides both representative network access attacks as well as real normal traffic over a long timespan, which we contend is closer to a potential deployment environment than current NIDS benchmark datasets. We show that by building a deep model, we are able to reduce the false positive rate to 0.16% while detecting effectively, which is significantly lower than the operational range of other methods. Furthermore, we reduce overall misclassification by more than 100% from the next best method.
Original language: English
Title of host publication: Machine Learning for Networking
Editors: Éric Renault, Selma Boumerdassi, Paul Mühlethaler
Place of Publication: Cham
Publisher: Springer International Publishing
Number of pages: 18
ISBN (Electronic): 978-3-030-70866-5
ISBN (Print): 978-3-030-70865-8
Publication status: Published - 3 Mar 2021

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

