Network Anomaly Detection Using Transfer Learning Based on Auto-Encoders Loss Normalization

Anomaly detection is a classic, long-term research problem. Previous attempts to solve it have used auto-encoders to learn a representation of the normal behaviour of networks and detect anomalies according to reconstruction loss. In this paper, we study the problem of anomaly detection in computer networks and propose the concept of "auto-encoder losses transfer learning". This approach normalizes auto-encoder losses in different model deployments, providing the ability to transform loss vectors of different networks with potentially significant varying characteristics, properties, and behaviors into a domain invariant representation. This is forwarded to a global detection model that can detect and classify threats in a generalized way that is agnostic to the specific network deployment, allowing for comprehensive network coverage.