Deep Neural Network for Anomaly Detection

Vu, Ly Thi

Deep Neural Network for Anomaly Detection

Vu, Ly Thi

Permalink

Publication Type:: Thesis
Issue Date:: 2024

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

The embargo period expires on 19 Jul 2024

Adobe PDF

Download thesisAdobe PDF (4.4 MB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Vu, Ly Thi
dc.date.accessioned	2025-03-25T02:42:53Z
dc.date.available	2025-03-25T02:42:53Z
dc.date.issued	2024
dc.identifier.uri	http://hdl.handle.net/10453/186194
dc.description	University of Technology Sydney. Faculty of Engineering and Information Technology.	en_US.UTF-8
dc.description.abstract	The rapid growth in diverse network devices (e.g., Internet of Things/IoT devices) and new cyber-physical systems (CPSs) services create new surfaces for cyberattacks. To safeguard these CPSs, anomaly detection (AD) that detects potential attacks/adversarial behaviors plays a pivotal role. This thesis aims to design novel deep neural models to handle four challenges of the AD problem to deal with new/unknown attacks, imbalanced data, the lack of labelled data, and the vulnerability to data poisoning attacks. First, to detect new/unknown anomalies (attacks) effectively, the thesis proposes a novel representation learning method, i.e., AutoEncoders (AEs) based models, that better represents unknown attacks, facilitating supervised learning-based AD methods. An AE consists of an encoder and a decoder component. The encoder compresses the input data into a lower-dimension representation, while the decoder attempts to reconstruct the original input from this compressed representation. Specifically, we develop three regularized AEs variants to learn a latent representation from the input data. In the new feature space, the normal and the attack data are more effectively separated. Therefore, the accuracy of detecting both known and unknown attacks is improved significantly. Second, the thesis introduces two deep generative models to handle the imbalanced data. The first model, Conditional Denoising Adversarial AutoEncoder (CDAAE), generates specific types of attack samples. The second model (CDAEE-KNN) is a hybrid of CDAAE and the K-nearest Neighbor algorithm to generate borderline attack samples. By training on the augmented datasets, the accuracy of the AD problems is enhanced significantly. Third, the thesis designs a Deep Transfer Learning (DTL) model to build an effective AD system from both labelled and unlabelled data. Specifically, we develop a DTL model based on two AEs. The first AutoEncoder (AE) is trained on the source datasets (source domains) in the supervised mode using the label information, and the second AE is trained on the target datasets (target domains) in an unsupervised manner without label information. As a result, the latent representation of the second AE can be used to detect attacks in the target domain effectively. Fourth, to reduce the influence of data poisoning attacks that are damaging and popular to low-end IoT devices, the thesis proposes a novel Federated Learning (FL) system with the Shrink Denoising AutoEncoder (FL-SDAE). The reconstruction term of the loss function helps Shrink Denoising AutoEncoder (SDAE) reconstruct the original data from its corrupted version. Therefore, the proposed SDAE model makes FL-SDAE robust to data poisoning attacks.	en_US.UTF-8
dc.format	Thesis (PhD)
dc.language.iso	en_US	en_US.UTF-8
dc.relation	https://opus.lib.uts.edu.au/bitstream/10453/186194/1/thesis.pdf
dc.rights	info:eu-repo/semantics/openAccess
dc.rights	The author owns the copyright in this thesis including all reproduction and reuse rights for the work. The work may not be altered without the permission of the copyright owner. Attribution is essential when quoting or paraphrasing from this thesis.
dc.rights	© 2024 Ly Thi Vu
dc.rights	au.edu.uts.lib/cph
dc.title	Deep Neural Network for Anomaly Detection	en_US.UTF-8
dc.type	Thesis
utslib.copyright.status	open_access	*
utslib.copyright.embargo	2024-07-19T00:00:00+1000

Abstract:

The rapid growth in diverse network devices (e.g., Internet of Things/IoT devices) and new cyber-physical systems (CPSs) services create new surfaces for cyberattacks. To safeguard these CPSs, anomaly detection (AD) that detects potential attacks/adversarial behaviors plays a pivotal role. This thesis aims to design novel deep neural models to handle four challenges of the AD problem to deal with new/unknown attacks, imbalanced data, the lack of labelled data, and the vulnerability to data poisoning attacks. First, to detect new/unknown anomalies (attacks) effectively, the thesis proposes a novel representation learning method, i.e., AutoEncoders (AEs) based models, that better represents unknown attacks, facilitating supervised learning-based AD methods. An AE consists of an encoder and a decoder component. The encoder compresses the input data into a lower-dimension representation, while the decoder attempts to reconstruct the original input from this compressed representation. Specifically, we develop three regularized AEs variants to learn a latent representation from the input data. In the new feature space, the normal and the attack data are more effectively separated. Therefore, the accuracy of detecting both known and unknown attacks is improved significantly. Second, the thesis introduces two deep generative models to handle the imbalanced data. The first model, Conditional Denoising Adversarial AutoEncoder (CDAAE), generates specific types of attack samples. The second model (CDAEE-KNN) is a hybrid of CDAAE and the K-nearest Neighbor algorithm to generate borderline attack samples. By training on the augmented datasets, the accuracy of the AD problems is enhanced significantly. Third, the thesis designs a Deep Transfer Learning (DTL) model to build an effective AD system from both labelled and unlabelled data. Specifically, we develop a DTL model based on two AEs. The first AutoEncoder (AE) is trained on the source datasets (source domains) in the supervised mode using the label information, and the second AE is trained on the target datasets (target domains) in an unsupervised manner without label information. As a result, the latent representation of the second AE can be used to detect attacks in the target domain effectively. Fourth, to reduce the influence of data poisoning attacks that are damaging and popular to low-end IoT devices, the thesis proposes a novel Federated Learning (FL) system with the Shrink Denoising AutoEncoder (FL-SDAE). The reconstruction term of the loss function helps Shrink Denoising AutoEncoder (SDAE) reconstruct the original data from its corrupted version. Therefore, the proposed SDAE model makes FL-SDAE robust to data poisoning attacks.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/186194