Towards Intrusion Detection Of Previously Unknown Network Attacks

Saif Alzubi, Frederic Theodor Stahl, Mohamed Medhat Gaber

In: Khalid Al-Begain , Mauro Iacono , Lelio Campanile , Andrzej Bargiela (Hrsg.). Proceedings of the 35th International ECMS International Conference on Modelling and Simulation. International Conference on Modelling and Simulation (ECMS-2021) May 31-June 2 Kuwait/Virtual Kuwait ISBN 978-3-937436-72-2 European Council for Modeling and Simulation 2021.


Advances in telecommunication network technologies have led to an ever more interconnected world. Accordingly, the types of threats and attacks to intrude or disable such networks or portions of it are continuing to develop likewise. Thus, there is a need to detect previously unknown attack types. Supervised techniques are not suitable to detect previously not encountered attack types. This paper presents a new ensemble-based Unknown Network Attack Detector (UNAD) system. UNAD proposes a training workflow composed of heterogeneous and unsupervised anomaly detection techniques, trains on attack-free data and can distinguish normal network flow from (previously unknown) attacks. This scenario is more realistic for detecting previously unknown attacks than supervised approaches and is evaluated on telecommunication network data with known ground truth. Empirical results reveal that UNAD can detect attacks on which the workflows have not been trained on with a precision of 75% and a recall of 80%. The benefit of UNAD with existing network attack detectors is, that it can detect completely new attack types that have never been encountered before.

ECMS_Conference_Paper_2021.pdf (pdf, 587 KB )

Deutsches Forschungszentrum für Künstliche Intelligenz
German Research Center for Artificial Intelligence