NADSR: A Network Anomaly Detection Scheme Based on Representation

Deep learning has been widely used for identifying anomaly network traffic. It trains supervised classifiers on a pre-screened numerical traffic feature dataset in the most cases, so the classification effectiveness depends heavily on feature representation. There is no unified feature representation method, and the current feature representation methods cannot profile traffic precisely. Therefore, how to design a traffic feature representation method to profile traffic is challenging. We propose a Network Anomaly Detection Scheme based on data Representation (NADSR). Data representation method converts raw network traffic into images by treating every numerical feature value as an image pixel and then creating a circulant pixel matrix for a traffic sample. It retains the traffic feature's spatial structure instead of padding empty pixels with constant values while directly reshaping a long feature vector into a pixel matrix. Experimental results verify the effectiveness of the proposed NADSR. It improves the overall detection accuracy compared with state-of-the-art methods, and also provides reference to solve security-related classification problems.