Network Intrusion Detection with Autoencoder
Board Location: #129
Discipline: Computer Sciences and Information Management
Session: 3
Kaiya Jones - Tuskegee University
Co-Author(s): Jazmyn Jenkins, Tuskegee University, AL; Xiao Chang, Tuskegee University, AL
Detecting anomalies in network traffic is critical for ensuring cybersecurity in an era of increasing digital threats. Cyberattacks, such as unauthorized access or data theft, can cause significant harm to individuals and organizations. There are challenges in identifying malicious activities such as unauthorized access, data breaches, and denial-of-service attacks. Traditional detection methods often struggle to keep up with evolving threats, making it necessary to develop smarter, more adaptable systems using machine learning. Network Intrusion Detection Systems (NIDS) help identify unusual patterns in traffic that may indicate malicious activities. This research presents an autoencoder-based machine learning approach for identifying network intrusions. The study focuses on leveraging unsupervised learning to differentiate normal network behavior from potentially harmful anomalies.
A custom autoencoder architecture was implemented, consisting of a multi-layer encoder to compress data into latent representations and a decoder to reconstruct input features. The model was trained solely on normal network traffic to minimize reconstruction loss for legitimate data. Anomalies were identified by evaluating reconstruction errors exceeding a defined threshold. The KDDCup99 dataset was used in this study. The dataset contains 42 attributes describing network connections, each labeled as “normal” or a specific type of attack. The dataset’s objective is to train predictive models capable of distinguishing between “bad” connections (intrusions) and “good” (normal) traffic. The dataset was preprocessed through feature selection, normalization, and binary encoding to enhance compatibility with the autoencoder. An 80/20 split was applied, dividing the data into a training set comprising 80% of the instances and a test set containing the remaining 20%. The training set was further filtered to include only normal traffic, enabling the autoencoder to learn the normal data distribution. The test set included both normal and anomalous traffic to evaluate the model’s performance in detecting intrusions. This preprocessing and split ensured that the model was appropriately trained and tested under realistic conditions.
With a threshold set at 0.0011. The model achieved a precision of 53.5%, recall of 27.9%, and an F1-score of 36.67%. These metrics were computed to comprehensively evaluate model performance, underscoring the challenges and opportunities in leveraging unsupervised learning for network intrusion detection. Experimental results indicate that the autoencoder effectively reconstructs normal traffic.
This approach demonstrates the potential of unsupervised learning techniques for scalable and automated network security applications. Future work will focus on real-time deployment and adaptive learning to address the dynamic nature of cyber threats.
Funder Acknowledgement(s): This project is supported by NSF HBCU-UP program under award #2306141 and NSF S-STEM program under award #2221115.
Faculty Advisor: Xiao Chang, xchang@tuskegee.edu
Role: I contributed to multiple aspects of the project, from coding to data processing and model development. I specifically focused on designing and implementing the autoencoder model using Python, ensuring that the KDD-99 dataset was preprocessed correctly for training. My work also involved experimenting with different configurations of the model to improve performance in detecting network intrusions. Through trial and error, I continuously optimize the model’s ability to differentiate between normal and malicious traffic, providing valuable insights for network security applications.

