Unsupervised Network Anomaly Detection with Autoencoders and Traffic Images

Michael Neri, Sara Baldoni

TL;DR

This work introduces an image-based 2D representation of network traffic, enhanced by a connected active-pixel variant to reduce sparsity, and demonstrates unsupervised anomaly detection using lightweight autoencoders (AE and VAE) trained on 1-second traffic windows. By applying weighted BCE losses and ELBO optimization, coupled with a validation-driven anomaly threshold, the approach achieves high detection performance on the UGR'16 dataset with substantially lower model complexity than prior methods. The IC representation notably improves reconstruction-based detection, enabling competitive results against state-of-the-art while using far fewer parameters and computations. This combination offers a practical, scalable path for real-time network anomaly detection in heterogeneous environments.

Abstract

Due to the recent increase in the number of connected devices, the need to promptly detect security issues is emerging. Moreover, the high number of communication flows creates the necessity of processing huge amounts of data. Furthermore, the connected devices are heterogeneous in nature, having different computational capacities. For this reason, in this work we propose an image-based representation of network traffic which provides a compact summary of the current network conditions over 1-second time windows. The proposed representation highlights the presence of anomalies, thus reducing the need for complex processing architectures. Finally, we present an unsupervised learning approach which effectively detects the presence of anomalies. The code and the dataset are available at https://github.com/michaelneri/image-based-network-traffic-anomaly-detection.

Paper Structure

This paper contains 9 sections, 2 equations, 3 figures, 4 tables.

Figures (3)

  • Figure 1: Examples of $\mathcal{I}$ for normal and anomalous traffic. The light-blue square indicates the pixels corresponding to anomalous traffic patterns. The matrices are obtained for 1-second time windows from the dataset presented in Macia_2018_Computers.
  • Figure 2: Examples of $\mathcal{I}$ and $\mathcal{I}_C$ for normal and anomalous traffic in a limit-case scenario.
  • Figure 3: Examples of $\mathcal{I}_C$ for normal and anomalous traffic. The matrices are obtained for 1-second time windows from the dataset presented in Macia_2018_Computers.