Autoencoder-based IDS for cloud and mobile devices

Along with the popularization of cloud computing and the increase in responsibilities of mobile devices, there is a need for intrusion detection systems available for working in these two new areas. At the same time, the increase in computational power of mobile devices gives us the possibility to use them to do a part of data preprocessing. Similarly, more complex operations can be executed in the cloud - this concept is known as mobile cloud computing. In this paper, we propose an autoencoder-based intrusion detection system applicable to cloud and mobile environments. The system provides multiple data gathering points, allowing to monitor either fully controlled networks, like virtual networks in the cloud, or mobile devices scattered in different networks. The monitoring process uses both mobile devices and cloud computational power. Gathered network traffic records are sent to a proper intrusion detection node, which executes the detection process. In case of suspicious behavior, an alert of a possible intrusion can be sent to the device owner. The detection process is based on an autoencoder neural network, which brings significant advantages: an anomaly-based approach, training only on benign samples, and a good performance. To improve detection results, we created time-window-based features, and there is also a possibility to share computed statistics between intrusion detection nodes. In the experiments, we construct three models using pure network flows data and time-window-based features. The results show that the autoencoder-based approach can detect with a high performance attacks not known during the training process. We also prove that created derived features have a significant impact on detection results.