Detecting Network Transmission Anomalies using Autoencoders-SVM Neural Network on Multi-class NSL-KDD Dataset

As modern manufacturing shifts towards industry 4.0, mass adoption of vulnerable Internet-of-Things (IoT), Operational Technology (OT), and IT-OT convergence have precipitated the rise of malware. Accordingly, there is a need for a security mechanism that is both low-resource and highly accurate to address sophisticated attacks like zero-day and Mirai botnets. The study proposed a novel scheme that combined Deep Autoencoder (DAE) and Support Vector Machine (SVM); the hybrid scheme was tested on NSL-KDD: an imbalanced, multi-class, and high-dimensional dataset. We conducted a grid search analysis on L1 and L2 regularization to avoid overfitting and examined varying neural network formations to improve F1-micro and balance accuracy. The paper thoroughly evaluated all four attack classes within the NSL-KDD dataset: U2R, Denial of Service, R2L, and Probe. We demonstrated that DAE-SVM had a significant classification advantage over PCA-SVM; our model outperformed the baseline models at detecting low-frequency attacks with a micro-average score of 0.72 compared to 0.63 for PCA-SVM. To minimize computational overhead, we examined optimal feature fusion usage on Principal Component Analysis (PCA) and deep autoencoders. Our models, namely SVM, PCA-SVM, and DAE-SVM, were evaluated based on train and test times for rapid predictions. The DAE-SVM with L1 penalty was the model of choice for binary classes with a train and test time of 145 seconds, while DAE-SVM without any penalty term outperformed other models in the multi-class scenario delivering 142.62 seconds compared to 300 seconds for PCA-SVM.