Network Intrusion Detection by Variational Component-Based Feature Saliency Gaussian Mixture Clustering

Anomaly detection is a core function of the network intrusion detection system, and due to the high volume and dimensionality of network data, clustering is an important technique for anomaly detection in unsupervised machine learning. In this paper, we propose a clustering approach for anomaly detection on network traffic flow data. For profiling normal traffic, we apply the component-based feature saliency Gaussian mixture model. We then present a variational learning algorithm which can simultaneously optimize over the number of components, the saliencies of the features for each component, and the parameters of the mixture model. The preliminary experiments on a network intrusion dataset demonstrate the satisfying performance achieved by both our method on its own and with a data preprocessing using the auto-encoder.