Unsupervised Anomaly Detection Approach for Cyberattack Identification

With the increasing amount of devices connected to the huge net known as the internet, it is not surprising the corresponding growth of cyber attacks. The era of the Internet of Things (IoT) has proved to be an environment in which malicious activities have been able to proliferate with great comfort. Due to this kind of threat, having powerful machine learning-based classifiers is almost a critical need nowadays. Besides, to properly face new and previously unseen attacks unsupervised learners need to be involved. An unsupervised network threat detector is provided in this work. The proposed approach is based on three steps. The main one is a novel anomaly score, which relies on modeling the tails of the empirical distributions and on an interpretation of the well-known Bayes theorem. A step for an unsupervised feature selection and another one for data reduction are also considered, both aimed at gaining robustness of the procedure. All three steps are in a completely unsupervised way, facilitating an ad hoc scenario deploying. The whole method showed good performance reaching 98.44%\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$98.44\%$$\end{document} and 98.14%\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$98.14\%$$\end{document} in the F1-score over different datasets. The obtained results are competitive with other state-of-the-art methods.