Toward Effective Intrusion Detection Using Log-Cosh Conditional Variational Autoencoder

Abstract:

Intrusion detection is an important technique that can provide solid protection for network equipment against security attacks. However, attacks are usually imbalanced across types, and attacks of unknown classes may also occur with the growth of Internet construction. In this case, traditional machine learning-based intrusion detection methods usually have inferior detection accuracy and high false-positive rates. To tackle this problem, in this article, we propose a novel deep learning-based intrusion detection method named log-cosh conditional variational autoencoder (LCVAE). It inherits the capability of the conditional variational autoencoder (CVAE) to capture the complex distribution of observed data and generate new data with prespecified classes. Unlike the traditional CVAE, to better model the discrete property of the intrusion data, we design an effective loss term using the log hyperbolic cosine (log-cosh) function in the proposed LCVAE method. It balances the generation and reconstruction procedures well and is more effective at generating diverse intrusion data for the imbalanced classes. To improve the detection accuracy, we use a convolutional neural network-based classifier to perform feature extraction and classification on the observed and generated intrusion data. We conduct extensive experiments on the challenging NSL-KDD data set with large-scale intrusion data. The results show the superior detection performance of the proposed LCVAE method compared with several state-of-the-art intrusion detection methods, and also demonstrate its potential for generating new intrusion data with promising diversity.
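The abstract names a log-cosh loss term but does not give its formula, so the following is an added illustration, not the paper's code. It assumes the standard log-cosh function applied to per-feature reconstruction error, combined with the usual Gaussian KL term of a VAE; the `beta` weight, the function names and the sample record are hypothetical.

```python
import math

LOG2 = math.log(2.0)

def log_cosh(e):
    """Stable log(cosh(e)): |e| + log1p(exp(-2|e|)) - log 2, no overflow for large |e|."""
    a = abs(e)
    return a + math.log1p(math.exp(-2.0 * a)) - LOG2

def recon_loss(x, x_hat):
    """Sum of log-cosh over per-feature reconstruction errors."""
    return sum(log_cosh(p - t) for t, p in zip(x, x_hat))

def kl_standard_normal(mu, log_var):
    """KL( N(mu, diag(exp(log_var))) || N(0, I) ), the usual VAE regulariser."""
    return 0.5 * sum(math.exp(lv) + m * m - 1.0 - lv for m, lv in zip(mu, log_var))

def objective(x, x_hat, mu, log_var, beta=1.0):
    """Assumed form: log-cosh reconstruction + beta * KL (beta is hypothetical)."""
    return recon_loss(x, x_hat) + beta * kl_standard_normal(mu, log_var)

# Constructed record: one-hot protocol (tcp, udp, icmp) + two scaled numeric features.
X = [1.0, 0.0, 0.0, 0.20, 0.75]
NEAR = [0.9, 0.1, 0.0, 0.25, 0.70]   # small errors on every feature
FLIP = [0.0, 1.0, 0.0, 0.20, 0.75]   # wrong one-hot category, numerics exact

if __name__ == "__main__":
    mu, log_var = [0.1, -0.2], [0.0, 0.0]   # constructed encoder outputs
    for name, x_hat in (("near", NEAR), ("flip", FLIP)):
        half_sq = sum((p - t) ** 2 for t, p in zip(X, x_hat)) / 2
        print(name,
              "log-cosh:", round(recon_loss(X, x_hat), 4),
              "half-squared:", round(half_sq, 4),
              "objective:", round(objective(X, x_hat, mu, log_var), 4))
```

For small errors log-cosh tracks half the squared error, while for large errors it grows linearly, so a flipped one-hot category is penalised less steeply than under a squared-error loss.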