Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS
Packet-based network intrusion detection systems (NIDS) allow for real-time detection, making this research area crucial. This study compares autoencoder models for anomaly detection in packet-based NIDS. It presents a framework for implementing an autoencoder-based NIDS using packet data. A novel metric for reconstruction error in autoencoders is introduced. This metric is evaluated at different thresholds to compare how accurately it detects network traffic anomalies. The efficacy of autoencoder models is showcased across various network attacks and adversarial samples from public network intrusion data sets. This analysis emphasizes the strengths and limitations of different autoencoders for detecting anomalies in network traffic. The insights from this study provide valuable guidance to researchers and practitioners developing autoencoder-based network intrusion detection mechanisms.
Funding
U.S. Military Academy W911NF-22-2-0045
History
Email Address of Submitting Author
ankitshah@usf.edu
ORCID of Submitting Author
0000-0002-8314-6392
Submitting Author's Institution
University of South Florida
Submitting Author's Country
United States of America