Mengnan Gao,Lifa Wu,Qi Li,Wei Chen

DOI: https://doi.org/10.1016/j.jisa.2023.103532

IF: 4.96

2023-06-17

Journal of Information Security and Applications

Abstract:The number of Internet of Things (IoT) devices is expanding quickly as IoT gradually spreads to all aspects of life. At the same time, IoT devices have emerged as a new attack medium for attack groups, and IoT security becomes an urgent issue to be solved. Attackers often evade intrusion detection using disguises, and attack methods against the IoT continue to evolve over time. To effectively identify malicious traffic, we propose a method for anomaly detection based on attribute graphs to identify potential security vulnerabilities in IoT traffic. The nodes of the attribute graph are values of features extracted from network traffic, with a meta-path-based graph neural network learning the topology and attribute information of the traffic network. To assure the model's performance under large-scale IoT nodes, we develop a Hoffman coding-based data accuracy adjustment strategy to optimize the data, which regulates the size of the attribute graph under various data sizes. Our extensive experiments on datasets of real network traffic show the effectiveness of our method.

computer science, information systems

Xiaoheng Deng,Jincai Zhu,Xinjun Pei,Lan Zhang,Zhen Ling,Kaiping Xue

DOI: https://doi.org/10.1109/tnsm.2022.3213807

2022-01-01

IEEE Transactions on Network and Service Management

Abstract:Given the distributed nature of the massively connected “Things” in IoT, IoT networks have been a primary target for cyberattacks. Although machine learning based network intrusion detection systems (NIDS) can effectively detect abnormal network traffic behaviors, most existing approaches are based on a large amount of labeled traffic flow data, which hinders their implementation in the highly dynamic IoT networks with limited labeling. In this paper, we develop a novel Flow Topology based Graph Convolutional Network (FT-GCN) approach for label-limited IoT network intrusion detection. Our main idea is to leverage the underlying traffic flow patterns, $i.e.$ , the flow topological structure, to unlock the full potential of the traffic flow data with limited labeling, where the FT-GCN will be deployed at the edge servers in IoT networks to detect intrusions via software defined network technologies. Specifically, FT-GCN first takes the time correlation of traffic flows into account to construct an interval-constrained traffic graph (ICTG). Besides, a Node-Level Spatial (NLS) attention mechanism is designed to further enhance the key statistical features of traffic flows in ICTG. Finally, the combined representation of statistical flow features and flow topological structure are learned by the cost-effective Topology Adaptive Graph Convolutional Networks (TAGCN) for intrusion identification in IoT networks. Extensive experiments are conducted on three real-world datasets, which demonstrate the effectiveness of the proposed FT-GCN compared to state-of-the-art approaches.

Tanzeela Altaf,Xu Wang,Wei Ni,Guangsheng Yu,Ren Ping Liu,Robin Braun

DOI: https://doi.org/10.3390/electronics13122274

IF: 2.9

2024-06-11

Electronics

Abstract:This research introduces a novel framework utilizing a sequential gated graph convolutional neural network (GGCN) designed specifically for botnet detection within Internet of Things (IoT) network environments. By capitalizing on the strengths of graph neural networks (GNNs) to represent network traffic as complex graph structures, our approach adeptly handles the temporal dynamics inherent to botnet attacks. Key to our approach is the development of a time-stamped multi-edge graph structure that uncovers subtle temporal patterns and hidden relationships in network flows, critical for recognizing botnet behaviors. Moreover, our sequential graph learning framework incorporates time-sequenced edges and multi-edged structures into a two-layered gated graph model, which is optimized with specialized message-passing layers and aggregation functions to address the challenges of time-series traffic data effectively. Our comparative analysis with the state of the art reveals that our sequential gated graph convolutional neural network achieves substantial improvements in detecting IoT botnets. The proposed GGCN model consistently outperforms the conventional model, achieving improvements in accuracy ranging from marginal to substantial—0.01% for BoT IoT and up to 25% for Mirai. Moreover, our empirical analysis underscores the GGCN's enhanced capabilities, particularly in binary classification tasks, on imbalanced datasets. These findings highlight the model's ability to effectively navigate and manage the varying complexity and characteristics of IoT security threats across different datasets.

engineering, electrical & electronic,physics, applied,computer science, information systems

Paul Irofti,Andrei Pătraşcu,Andrei Iulian Hîji

DOI: https://doi.org/10.48550/arXiv.2205.07109

IF: 5.414

2022-05-14

Machine Learning

Abstract:Cyberthreats are a permanent concern in our modern technological world. In the recent years, sophisticated traffic analysis techniques and anomaly detection (AD) algorithms have been employed to face the more and more subversive adversarial attacks. A malicious intrusion, defined as an invasive action intending to illegally exploit private resources, manifests through unusual data traffic and/or abnormal connectivity pattern. Despite the plethora of statistical or signature-based detectors currently provided in the literature, the topological connectivity component of a malicious flow is less exploited. Furthermore, a great proportion of the existing statistical intrusion detectors are based on supervised learning, that relies on labeled data. By viewing network flows as weighted directed interactions between a pair of nodes, in this paper we present a simple method that facilitate the use of connectivity graph features in unsupervised anomaly detection algorithms. We test our methodology on real network traffic datasets and observe several improvements over standard AD.

Ming-Tsung Kao,Dian-Ye Sung,Shang-Juh Kao,Fu-Min Chang

DOI: https://doi.org/10.3390/electronics11101531

IF: 2.9

2022-05-12

Electronics

Abstract:Unknown cyber-attacks have appeared constantly. Several anomaly detection techniques based on semi-supervised learning have been proposed to detect these unknown cyber-attacks. Among them, the Denoising Auto-Encoder (DAE) scheme performs better than others in accuracy but is not good enough in precision. This paper proposes a novel two-stage deep learning structure for network flow anomaly detection by combining the models of Gate Recurrent Unit (GRU) and DAE. By using supervised anomaly detection with a selection mechanism to assist semi-supervised anomaly detection, the precision and accuracy of the anomaly detection system are improved. In the proposed structure, we first use the GRU model to analyze the network flow and then take the outcome from the Softmax function as a confidence score. When the score is more than or equal to the predefined confidence threshold, the GRU model outputs the flow as a positive result, no matter the flow is classified as normal or abnormal. When the score is less than the confidence threshold, GRU model outputs the flow as a negative result and passes the flow to DAE model for flow classification. DAE then determines a reconstruction error threshold by learning the pattern of normal flows. Accordingly, the flow is normal or abnormal depending on whether it is under or over the reconstruction error threshold. A comparative experiment is performed using NSL-KDD dataset as benchmark. The results revealed that the precision using the proposed scheme is 0.83% better than DAE. The accuracy using the proposed approach is 90.21%, which is better than Random Forest, Naïve Bayes, One-Dimensional Convolutional Neural Network, two-stage Auto-Encoder, etc. In addition, the proposed approach is also applied to the environment of software defined network (SDN). By adopting our approach in SDN environment, the precision and F-measure are significantly improved.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chuanpu Fu,Qi Li,Ke Xu

DOI: https://doi.org/10.1109/tnet.2024.3370851

2024-01-01

IEEE/ACM Transactions on Networking

Abstract:Nowadays traffic on the Internet has been widely encrypted to protect its confidentiality and privacy. However, traffic encryption is always abused by attackers to conceal their malicious behaviors. Since encrypted malicious traffic is similar to benign flows, it can easily evade traditional detection. In particular, the existing encrypted traffic detection methods are supervised which rely on the prior knowledge of known attacks (e.g., labeled datasets). Detecting unknown encrypted malicious traffic, which does not require prior knowledge, is still an open problem. In this paper, we propose, an unsupervised machine learning (ML) based malicious traffic detection system. Particularly, is able to detect unknown patterns of encrypted malicious traffic by utilizing a graph built upon flow interaction patterns, instead of learning the features of specific known attacks. We develop an unsupervised graph learning method to detect abnormal interaction patterns by analyzing the graph features, which allows to detect unknown attacks without requiring any labeled datasets. Moreover, we establish an information theory model to prove the effectiveness of . We show the performance of by real-world experiments with 140 attacks. The experimental results illustrate that outperforms the state-of-the-art methods by 13.9% accuracy improvement. Moreover, achieves 15.82 Mpps detection throughput with the average detection latency of 0.29s.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Zeyi Li,Pan Wang,Zixuan Wang,De-chuan Zhan

DOI: https://doi.org/10.23919/cje.2022.00.173

IF: 1.019

2024-01-01

Chinese Journal of Electronics

Abstract:In recent years, low recall rates and high dependencies on data labelling have become the biggest obstacle to developing deep anomaly detection (DAD) techniques. Inspired by the success of generative adversarial networks (GANs) in detecting anomalies in computer vision and imaging, we propose an anomaly detection model called FlowGANAnomaly for detecting anomalous traffic in network intrusion detection systems (NIDS). Unlike traditional GAN-based approaches, which are composed of a flow encoder, a convolutional encoder-decoder-encoder, a flow decoder and a convolutional encoder, the architecture of this model consists of a generator (G) and a discriminator (D). FlowGANAnomaly maps the different types of traffic feature data from separate datasets to a uniform feature space, thus can capture the normality of network traffic data more accurately in an adversarial manner to mitigate the problem of the high dependence on data labeling. Moreover, instead of simply detecting the anomalies by the output of D, we proposed a new anomaly scoring method that integrates the deviation between the output of two Gs' convolutional encoders with the output of D as weighted scores to improve the low recall rate of anomaly detection. We conducted several experiments comparing existing machine learning algorithms and existing deep learning methods (AutoEncoder and VAE) on four public datasets (NSL-KDD, CIC-IDS2017, CIC-DDoS2019, and UNSW-NB15). The evaluation results show that FlowGANAnomaly can significantly improve the performance of anomaly-based NIDS.

engineering, electrical & electronic

Thin Tharaphe THEIN,Yoshiaki SHIRAISHI,Masakatu MORII

DOI: https://doi.org/10.1587/transinf.2022ofp0004

2023-09-01

IEICE Transactions on Information and Systems

Abstract:With a rapidly escalating number of sophisticated cyber-attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern. The detection of malicious attack traffic is thus crucial for IoT security to prevent unwanted traffic. However, existing traditional malicious traffic detection systems which relied on supervised machine learning approach need a considerable number of benign and malware traffic samples to train the machine learning models. Moreover, in the cases of zero-day attacks, only a few labeled traffic samples are accessible for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system with a prototypical graph neural network. The proposed approach does not require prior knowledge of network payload binaries or network traffic signatures. The model is trained on labeled traffic data and tested to evaluate its ability to detect new types of attacks when only a few labeled traffic samples are available. The proposed detection system first categorizes the network traffic as a bidirectional flow and visualizes the binary traffic flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks to generalize it to new unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic corresponding to six types of attacks. The results revealed that our proposed model achieved an F1 score of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.

computer science, information systems, software engineering

Anasuya Chattopadhyay,Daniel Reti,Hans D. Schotten

2024-05-22

Abstract:The early research report explores the possibility of using Graph Neural Networks (GNNs) for anomaly detection in internet traffic data enriched with information. While recent studies have made significant progress in using GNNs for anomaly detection in finance, multivariate time-series, and biochemistry domains, there is limited research in the context of network flow data. In this report, we explore the idea that leverages information-enriched features extracted from network flow packet data to improve the performance of GNN in anomaly detection. The idea is to utilize feature encoding (binary, numerical, and string) to capture the relationships between the network components, allowing the GNN to learn latent relationships and better identify anomalies.

Social and Information Networks,Cryptography and Security,Machine Learning

Huiling Shi,Wei Zhang,Lei Zhang,Kuichao Zhang,Hongyang Sun

DOI: https://doi.org/10.1109/NaNA60121.2023.00051

2023-08-01

Abstract:Detecting malicious attacks in normal network traffic is critical to network security. Traditional traffic identification methods often struggle to capture the complex communication patterns in network traffic, hindering their effectiveness. We introduce GraphMal, a framework utilizing Graph Neural Networks (GNNs) for the identification of malicious traffic. This approach effectively exploits network topology and traffic characteristics to improve performance. We first apply Pearson's correlation coefficient and random forest approaches to effectively reduce the dimensionality of the dataset. Then, the E-GraphSAGE algorithm is used to extract salient features from the traffic topology graph and construct a robust graph classifier. Additionally, the focal loss function is used to solve the data imbalance problem. Experiments conducted on the UNSW-NB15 dataset demonstrate GraphMal's remarkable performance in both binary and multi-class classification tasks, while improving the learning efficiency of GNNs.

Computer Science

Yulei Wu,Hong-Ning Dai,Haina Tang

DOI: https://doi.org/10.1109/jiot.2021.3094295

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) plays an important role in digital transformation of traditional industries toward Industry 4.0. By connecting sensors, instruments, and other industry devices to the Internet, IIoT facilitates the data collection, data analysis, and automated control, thereby improving the productivity and efficiency of the business as well as the resulting economic benefits. Due to the complex IIoT infrastructure, anomaly detection becomes an important tool to ensure the success of IIoT. Due to the nature of IIoT, graph-level anomaly detection has been a promising means to detect and predict anomalies in many different domains, such as transportation, energy, and factory, as well as for dynamically evolving networks. This article provides a useful investigation on graph neural networks (GNNs) for anomaly detection in IIoT-enabled smart transportation, smart energy, and smart factory. In addition to the GNN-empowered anomaly detection solutions on point, contextual, and collective types of anomalies, useful data sets, challenges, and open issues for each type of anomalies in the three identified industry sectors (i.e., smart transportation, smart energy, and smart factory) are also provided and discussed, which will be useful for future research in this area. To demonstrate the use of GNN in concrete scenarios, we show three case studies in smart transportation, smart energy, and smart factory, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qian Dang,Ajun Cui,Wenbo Shang,Chunhui Du,Chenyu Wang,Xiaolin Gui

DOI: https://doi.org/10.1109/EEPS58791.2023.10257132

2023-01-01

Abstract:With the rapid development of computer and communication technology, the power Internet of Things has become an inevitable trend of intelligent and informatized power grid construction. However, the openness of the power Internet of Things makes it more vulnerable to cyber attacks and affects the normal operation of the power system. Therefore, in order to improve the stability of the power system, it is necessary to detect the abnormality of the traffic data generated by the network attack and give early warning of the attack in time. However, almost all existing network traffic anomaly detection methods are strongly dependent on labeled data, manually selected features, and balanced datasets. These methods are not only expensive, but also difficult to distinguish unknown abnormal types. This paper proposes a network traffic anomaly detection method based on autoencoder and attribute graph. This method is designed to learn generic abstract features by autoencoder and avoid the influence of manual features. Then the network traffic is abstracted into an attribute graph based on abstract features, and an anomaly detection model based on the attribute graph is designed to filter out anomalous traffic depending on topology and similarity. At last, the feasibility and effectiveness of the algorithm proposed is verified, on the two network traffic public datasets (NSL-KDD and CICIDS2017). Experimental result demonstrate that the model proposed in this paper has better detection performance compared with other state-of-the-art network traffic anomaly detection algorithms in unsupervised condition, which can be effectively used for imbalanced dataset.

Zhengqiang Yang,Junwei Tian,Ning Li

DOI: https://doi.org/10.1155/2022/4194714

2022-03-31

Mobile Information Systems

Abstract:In this paper, a flow graph anomaly detection framework based on unsupervised learning is proposed. Compared with traditional anomaly detection, graph anomaly detection faces some problems. Firstly, the training of a reasonable network embedding is challenging. Secondly, the information data in the real world is often dynamically changing. Thirdly, due to the lack of sufficient training labeled data in most cases, anomaly detection models can only use unsupervised learning methods. In order to resolve these problems, three modules in the framework are proposed in this paper: preprocessor, controller, and optimizer. Additionally, a reasonable negative sampling strategy is applied to generate negative samples to deal with the lack of labeled data. Finally, experiments on real-world data sets are conducted, and the experimental results show that the accuracy of the proposed method reaches 87.6%.

computer science, information systems,telecommunications

Junpeng He,Hanyue Kong,Shihe Zhang,Xiong Li,Weina Niu,Xiaosong Zhang,Fagen Li

DOI: https://doi.org/10.1109/icc51166.2024.10622440

2024-01-01

Abstract:Recently, deep learning (DL)-driven intrusion detection technology has been rising gradually to reduce the economic and privacy losses caused by the dramatic increase in cyber attacks. Besides exploiting the statistical network traffic features, the inherent attack topologies are also important as they are highly associated with attack behaviors. Thus, many works use graph neural networks (GNN) to make use of them to improve the detection performance. Nevertheless, these topologies contain many isolated IPs that interact with far fewer targets than other non-isolated IPs. Due to the message-passing scheme, information from isolated IPs is less likely to be transmitted in GNN training, resulting in poor model understanding of the traffic connecting these isolated IPs. Therefore, the performance of GNN-based intrusion detection models is not satisfactory for this traffic. To address this problem, we implement a generation algorithm with traffic functionality preservation to improve the performance of GNN-based intrusion detectors by locally augmenting this type of traffic. The proposed method first converts the IP-based graph of the traffic dataset into a line graph, and then utilizes a conditional denoising diffusion probabilistic model to generate new graph snapshots to enhance the expressiveness of isolated IP in GNN message aggregation. We evaluate the performance of our method and compare it with state-of-the-art works on three datasets, i.e., NF-BoT-IoT-V2, NF-ToN-IoT-V2, and NF-CSECIC-IDS2018-V2, and the results show it achieves accuracy of 99.11%(↑0.11%), 93.84%(↑2.47%), and 97.15%(↑3.94%), respectively. Case study shows that the proposed local augmentation can improve detection performance under different isolated thresholds. Moreover, our method can alleviate the over-smoothing problem to a certain extent, and the augmented traffic also possesses better quality.

Enyan Dai,Jie Chen

DOI: https://doi.org/10.48550/arXiv.2202.07857

IF: 5.414

2022-02-16

Machine Learning

Abstract:Anomaly detection is a widely studied task for a broad variety of data types; among them, multiple time series appear frequently in applications, including for example, power grids and traffic networks. Detecting anomalies for multiple time series, however, is a challenging subject, owing to the intricate interdependencies among the constituent series. We hypothesize that anomalies occur in low density regions of a distribution and explore the use of normalizing flows for unsupervised anomaly detection, because of their superior quality in density estimation. Moreover, we propose a novel flow model by imposing a Bayesian network among constituent series. A Bayesian network is a directed acyclic graph (DAG) that models causal relationships; it factorizes the joint probability of the series into the product of easy-to-evaluate conditional probabilities. We call such a graph-augmented normalizing flow approach GANF and propose joint estimation of the DAG with flow parameters. We conduct extensive experiments on real-world datasets and demonstrate the effectiveness of GANF for density estimation, anomaly detection, and identification of time series distribution drift.

Yingjie Zhou,Guangmin Hu,Weisong He

DOI: https://doi.org/10.1109/icccas.2009.5250514

2009-01-01

Abstract:Comprehensive collection and accurate description of traffic information are core problems in network traffic anomaly detection. Aiming at the lack of traffic anomaly detection in analyzing multi-time series, we propose a network traffic anomaly detection method based on graph mining. Our method accurately and completely describes the relationships among multi-time series which are used in traffic anomaly detection by time-series graph; by means of the support count of the patterns, our method mines all the frequent patterns,which is conducive to detecting many kinds of abnormal traffic effectively; through mining the relationships among all itemsets, our method introduces weight coefficients of the itemsets, which is able to solve relationship quantification issues of multi-time series in traffic anomaly detection. The simulation results show that the proposed method can effectively detect the network traffic anomaly and achieve a higher accuracy than the CWT-based (Continuous Wavelet Transform-based) method in term of DDos attacks detection.

Huidi Zhu,Jialiang Lu

DOI: https://doi.org/10.1109/globecom48099.2022.10001299

2022-01-01

Abstract:With the flood of different attacks in the network environment, the Network-based Intrusion Detection System (NIDS) has become an important tool to ensure information security. The quick development of neural networks has made it one of the main approaches for the implementation of NIDS. However, nowadays more sophisticated attacks have appeared and the analysis of a single traffic cannot ensure the detection of the attack. To make full use of the network traffic data, we proposed a flow-based NIDS using Graph Neural Network (GNN) to explore the structural information of the network and the correlation between traffics. We represented the traffic data in graph structure to capture the topological information and aggregated the general behavior of each node. Moreover, we introduced a discriminator to correct the data imbalance and to improve the flow representations. We evaluated our proposed model on three benchmark datasets. The experiment results showed that our model had improvements of performance in both binary classification tasks and multi-class classification tasks, which demonstrates the value of graph structure in the detection of some attacks.

Katie Buchhorn,Edgar Santos-Fernandez,Kerrie Mengersen,Robert Salomone

DOI: https://doi.org/10.12688/f1000research.136097.2

2024-03-28

F1000Research

Abstract:Background Water is the lifeblood of river networks, and its quality plays a crucial role in sustaining both aquatic ecosystems and human societies. Real-time monitoring of water quality is increasingly reliant on in-situ sensor technology. Anomaly detection is crucial for identifying erroneous patterns in sensor data, but can be a challenging task due to the complexity and variability of the data, even under typical conditions. This paper presents a solution to the challenging task of anomaly detection for river network sensor data, which is essential for accurate and continuous monitoring. Methods We use a graph neural network model, the recently proposed Graph Deviation Network (GDN), which employs graph attention-based forecasting to capture the complex spatio-temporal relationships between sensors. We propose an alternate anomaly threshold criteria for the model, GDN+, based on the learned graph. To evaluate the model’s efficacy, we introduce new benchmarking simulation experiments with highly-sophisticated dependency structures and subsequence anomalies of various types. We also introduce software called gnnad. Results We further examine the strengths and weaknesses of this baseline approach, GDN, in comparison to other benchmarking methods on complex real-world river network data. Conclusions Findings suggest that GDN+ outperforms the baseline approach in high-dimensional data, while also providing improved interpretability.

English Else

Renjie Xu,Guangwei Wu,Weiping Wang,Xing Gao,An He,Zhengpeng Zhang

2024-03-03

Abstract:Graph Neural Networks (GNNs) have garnered intensive attention for Network Intrusion Detection System (NIDS) due to their suitability for representing the network traffic flows. However, most present GNN-based methods for NIDS are supervised or semi-supervised. Network flows need to be manually annotated as supervisory labels, a process that is time-consuming or even impossible, making NIDS difficult to adapt to potentially complex attacks, especially in large-scale real-world scenarios. The existing GNN-based self-supervised methods focus on the binary classification of network flow as benign or not, and thus fail to reveal the types of attack in practice. This paper studies the application of GNNs to identify the specific types of network flows in an unsupervised manner. We first design an encoder to obtain graph embedding, that introduces the graph attention mechanism and considers the edge information as the only essential factor. Then, a self-supervised method based on graph contrastive learning is proposed. The method samples center nodes, and for each center node, generates subgraph by it and its direct neighbor nodes, and corresponding contrastive subgraph from the interpolated graph, and finally constructs positive and negative samples from subgraphs. Furthermore, a structured contrastive loss function based on edge features and graph local topology is introduced. To the best of our knowledge, it is the first GNN-based self-supervised method for the multiclass classification of network flows in NIDS. Detailed experiments conducted on four real-world databases (NF-Bot-IoT, NF-Bot-IoT-v2, NF-CSE-CIC-IDS2018, and NF-CSE-CIC-IDS2018-v2) systematically compare our model with the state-of-the-art supervised and self-supervised models, illustrating the considerable potential of our method. Our code is accessible through

Machine Learning,Cryptography and Security

A. A. Radhi,Luay Ibrahim Khalaf,Saadaldeen Rashid Ahmed,Omar Ayad Ismael,Sameer Algburi,Baydaa Alhamadani

DOI: https://doi.org/10.1145/3660853.3660932

2024-05-25

Abstract:An essential aspect of cybersecurity is the continuously growing threat landscape, which necessitates the use of advanced anomaly detection techniques in network data. The traditional approach might often be inadequate when it comes to addressing intricate cyber-security issues. Therefore, it is possible that deep learning approaches might be superior in terms of accuracy and performance. The primary objective of our study is to provide a novel algorithm that combines Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), autoencoders, and GANs to create a comprehensive strategy for detecting anomalies. This technique aims to solve research gaps that have not been previously explored. By using the MTA-KDD'19 dataset, our research enhances precision by achieving a remarkable accuracy rate of 95% in detecting various types of network traffic abnormalities. This discovery not only demonstrated the harmfulness of our deep learning-based approach but also highlighted the effectiveness of these measures in reducing the issue, particularly when faced with diverse threats. This enhances the development of network security procedures. CCS CONCEPTS • Computing methodologies∼ Artificial intelligence • Security and privacy∼Network security

Engineering,Computer Science