{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,8]],"date-time":"2026-06-08T17:18:52Z","timestamp":1780939132739,"version":"3.54.1"},"reference-count":63,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2021,5,19]],"date-time":"2021-05-19T00:00:00Z","timestamp":1621382400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"H2020 PHOENIX","award":["832989"],"award-info":[{"award-number":["832989"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Network intrusion detection is a key pillar towards the sustainability and normal operation of information systems. Complex threat patterns and malicious actors are able to cause severe damages to cyber-systems. In this work, we propose novel Deep Learning formulations for detecting threats and alerts on network logs that were acquired by pfSense, an open-source software that acts as firewall on FreeBSD operating system. pfSense integrates several powerful security services such as firewall, URL filtering, and virtual private networking among others. The main goal of this study is to analyse the logs that were acquired by a local installation of pfSense software, in order to provide a powerful and efficient solution that controls traffic flow based on patterns that are automatically learnt via the proposed, challenging DL architectures. For this purpose, we exploit the Convolutional Neural Networks (CNNs), and the Long Short Term Memory Networks (LSTMs) in order to construct robust multi-class classifiers, able to assign each new network log instance that reaches our system into its corresponding category. The performance of our scheme is evaluated by conducting several quantitative experiments, and by comparing to state-of-the-art formulations.<\/jats:p>","DOI":"10.3390\/info12050215","type":"journal-article","created":{"date-parts":[[2021,5,19]],"date-time":"2021-05-19T12:58:07Z","timestamp":1621429087000},"page":"215","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":80,"title":["Network Traffic Anomaly Detection via Deep Learning"],"prefix":"10.3390","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2073-7961","authenticated-orcid":false,"given":"Konstantina","family":"Fotiadou","sequence":"first","affiliation":[{"name":"Synelixis Solutions S.A., 34100 Chalkida, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0362-4607","authenticated-orcid":false,"given":"Terpsichori-Helen","family":"Velivassaki","sequence":"additional","affiliation":[{"name":"Synelixis Solutions S.A., 34100 Chalkida, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Artemis","family":"Voulkidis","sequence":"additional","affiliation":[{"name":"Synelixis Solutions S.A., 34100 Chalkida, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dimitrios","family":"Skias","sequence":"additional","affiliation":[{"name":"Intrasoft International S.A., L-1253 Luxembourg, Luxembourg"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sofia","family":"Tsekeridou","sequence":"additional","affiliation":[{"name":"Intrasoft International S.A., 19002 Athens, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Theodore","family":"Zahariadis","sequence":"additional","affiliation":[{"name":"Synelixis Solutions S.A., 34100 Chalkida, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2021,5,19]]},"reference":[{"key":"ref_1","unstructured":"(2021, May 18). pfSense-World\u2019s Most Trusted Open Source Firewall. Available online: https:\/\/www.pfsense.org."},{"key":"ref_2","unstructured":"(2021, May 18). pfSense-Documentation. Available online: https:\/\/docs.netgate.com\/pfsense\/en\/latest\/."},{"key":"ref_3","unstructured":"(2021, May 18). Apache Spark. Available online: https:\/\/spark.apache.org\/docs\/latest\/streaming-programming-guide.html."},{"key":"ref_4","unstructured":"Kim, D.S., Nguyen, H.N., and Park, J.S. (2005, January 28\u201330). Genetic algorithm to improve SVM based network intrusion detection system. Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA\u201905) Volume 1 (AINA Papers), Taipei, Taiwan."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.procs.2016.06.047","article-title":"Random forest modeling for network intrusion detection system","volume":"89","author":"Farnaaz","year":"2016","journal-title":"Procedia Comput. Sci."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Sekar, R., Guang, Y., Verma, S., and Shanbhag, T. (1999, January 2\u20134). A high-performance network intrusion detection system. Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore.","DOI":"10.1145\/319709.319712"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1007\/s12083-017-0630-0","article-title":"Survey on SDN based network intrusion detection system using machine learning approaches","volume":"12","author":"Sultana","year":"2019","journal-title":"Peer-Peer Netw. Appl."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Samrin, R., and Vasumathi, D. (2017, January 15\u201316). Review on anomaly based network intrusion detection system. Proceedings of the 2017 International Conference on Electrical, Electronics, Communication, Computer, and Optimization Techniques (ICEECCOT), Mysuru, India.","DOI":"10.1109\/ICEECCOT.2017.8284655"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Kruegel, C., and Toth, T. (2003). Using decision trees to improve signature-based intrusion detection. International Workshop on Recent Advances in Intrusion Detection, Springer.","DOI":"10.1007\/978-3-540-45248-5_10"},{"key":"ref_10","first-page":"35","article-title":"Signature based intrusion detection system using SNORT","volume":"1","author":"Kumar","year":"2012","journal-title":"Int. J. Comput. Appl. Inf. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"949","DOI":"10.1007\/s10586-017-1117-8","article-title":"A survey of deep learning-based network anomaly detection","volume":"22","author":"Kwon","year":"2019","journal-title":"Clust. Comput."},{"key":"ref_12","first-page":"33","article-title":"Machine learning techniques for anomaly detection: An overview","volume":"79","author":"Omar","year":"2013","journal-title":"Int. J. Comput. Appl."},{"key":"ref_13","unstructured":"Ioulianou, P., Vasilakis, V., Moscholios, I., and Logothetis, M. (2018, January 11\u201313). A signature-based intrusion detection system for the Internet of Things. Proceedings of the Information and Communication Technology Forum (ICTF) 2018, Graz, Austria."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Ioulianou, P.P., and Vassilakis, V.G. (2019). Denial-of-service attacks and countermeasures in the RPL-based Internet of Things. Computer Security, Springer.","DOI":"10.1007\/978-3-030-42048-2_24"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1781","DOI":"10.1109\/JSAC.2006.877131","article-title":"Fast and scalable pattern matching for network intrusion detection systems","volume":"24","author":"Dharmapurikar","year":"2006","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"686","DOI":"10.1109\/COMST.2018.2847722","article-title":"A detailed investigation and analysis of using machine learning techniques for intrusion detection","volume":"21","author":"Mishra","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","article-title":"A survey of data mining and machine learning methods for cyber security intrusion detection","volume":"18","author":"Buczak","year":"2015","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"406","DOI":"10.1016\/j.comcom.2020.02.008","article-title":"Machine learning models for secure data analytics: A taxonomy and threat model","volume":"153","author":"Gupta","year":"2020","journal-title":"Comput. Commun."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1613\/jair.3623","article-title":"Toward supervised anomaly detection","volume":"46","author":"Kloft","year":"2013","journal-title":"J. Artif. Intell. Res."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Yamanaka, Y., Iwata, T., Takahashi, H., Yamada, M., and Kanai, S. (2019). Autoencoding Binary Classifiers for Supervised Anomaly Detection. Pacific Rim International Conference on Artificial Intelligence, Springer.","DOI":"10.1007\/978-3-030-29911-8_50"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2806890","article-title":"Supervised anomaly detection in uncertain pseudoperiodic data streams","volume":"16","author":"Ma","year":"2016","journal-title":"ACM Trans. Internet Technol."},{"key":"ref_22","unstructured":"Akcay, S., Atapour-Abarghouei, A., and Breckon, T.P. (2018). Ganomaly: Semi-supervised anomaly detection via adversarial training. Asian Conference on Computer Vision, Springer."},{"key":"ref_23","unstructured":"Ruff, L., Vandermeulen, R.A., G\u00f6rnitz, N., Binder, A., M\u00fcller, E., M\u00fcller, K.R., and Kloft, M. (2019). Deep Semi-Supervised Anomaly Detection. arXiv."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"8501683","DOI":"10.1155\/2017\/8501683","article-title":"A hybrid semi-supervised anomaly detection model for high-dimensional data","volume":"2017","author":"Song","year":"2017","journal-title":"Comput. Intell. Neurosci."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1016\/j.neucom.2017.04.070","article-title":"Unsupervised real-time anomaly detection for streaming data","volume":"262","author":"Ahmad","year":"2017","journal-title":"Neurocomputing"},{"key":"ref_26","unstructured":"Filimonov, V., Periorellis, P., Starostin, D., De Baynast, A., Akchurin, E., Klimov, A., Minka, T., and Spengler, A. (2017). Unsupervised Anomaly Detection for Arbitrary Time Series. (9,652,354), U.S. Patent."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.media.2019.01.010","article-title":"f-AnoGAN: Fast unsupervised anomaly detection with generative adversarial networks","volume":"54","author":"Schlegl","year":"2019","journal-title":"Med. Image Anal."},{"key":"ref_28","unstructured":"Zhang, C., Song, D., Chen, Y., Feng, X., Lumezanu, C., Cheng, W., Ni, J., Zong, B., Chen, H., and Chawla, N.V. (February, January 27). A deep neural network for unsupervised anomaly detection and diagnosis in multivariate time series data. Proceedings of the AAAI Conference on Artificial Intelligence, Honolulu, HI, USA."},{"key":"ref_29","unstructured":"Gong, D., Liu, L., Le, V., Saha, B., Mansour, M.R., Venkatesh, S., and Hengel, A.v.d. (November, January 27). Memorizing normality to detect anomaly: Memory-augmented deep autoencoder for unsupervised anomaly detection. Proceedings of the IEEE International Conference on Computer Vision, Seoul, Korea."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Ran, J., Ji, Y., and Tang, B. (May, January 28). A Semi-Supervised learning approach to IEEE 802.11 network anomaly detection. Proceedings of the 2019 IEEE 89th Vehicular Technology Conference (VTC2019-Spring), Kuala Lumpur, Malaysia.","DOI":"10.1109\/VTCSpring.2019.8746576"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1016\/j.proeng.2012.01.849","article-title":"Network anomaly detection by cascading k-Means clustering and C4.5 decision tree algorithm","volume":"30","author":"Muniyandi","year":"2012","journal-title":"Procedia Eng."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Aytekin, C., Ni, X., Cricri, F., and Aksu, E. (2018, January 8\u201313). Clustering and unsupervised anomaly detection with l 2 normalized deep auto-encoder representations. Proceedings of the 2018 International Joint Conference on Neural Networks (IJCNN), Rio de Janeiro, Brazil.","DOI":"10.1109\/IJCNN.2018.8489068"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Papalexakis, E.E., Beutel, A., and Steenkiste, P. (2014). Network anomaly detection using co-clustering. Encyclopedia of Social Network Analysis and Mining, IEEE.","DOI":"10.1007\/978-1-4614-6170-8_354"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"3127","DOI":"10.1109\/TNNLS.2019.2935975","article-title":"Unsupervised anomaly detection with LSTM neural networks","volume":"31","author":"Ergen","year":"2019","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Truong-Huu, T., Dheenadhayalan, N., Pratim Kundu, P., Ramnath, V., Liao, J., Teo, S.G., and Praveen Kadiyala, S. (2020, January 5). An Empirical Study on Unsupervised Network Anomaly Detection using Generative Adversarial Networks. Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligence, Taipei Taiwan.","DOI":"10.1145\/3385003.3410924"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Bertero, C., Roy, M., Sauvanaud, C., and Tr\u00e9dan, G. (2017, January 23\u201326). Experience report: Log mining using natural language processing and application to anomaly detection. Proceedings of the 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), Toulouse, France.","DOI":"10.1109\/ISSRE.2017.43"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1017\/S1351324905004031","article-title":"Choosing the content of textual summaries of large time-series data sets","volume":"13","author":"Yu","year":"2007","journal-title":"Nat. Lang. Eng."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Weston, J., Ratle, F., Mobahi, H., and Collobert, R. (2012). Deep learning via semi-supervised embedding. Neural Networks: Tricks of the Trade, Springer.","DOI":"10.1007\/978-3-642-35289-8_34"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"106887","DOI":"10.1016\/j.knosys.2021.106887","article-title":"Network intrusion detection with a novel hierarchy of distances between embeddings of hash IP addresses","volume":"219","author":"Carro","year":"2021","journal-title":"Knowl.-Based Syst."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Yeh, C.K., Wu, W.C., Ko, W.J., and Wang, Y.C.F. (2017, January 4\u20139). Learning deep latent space for multi-label classification. Proceedings of the AAAI Conference on Artificial Intelligence, San Francisco, CA, USA.","DOI":"10.1609\/aaai.v31i1.10769"},{"key":"ref_41","unstructured":"Malhotra, P., Vig, L., Shroff, G., and Agarwal, P. (2015, January 22\u201324). Long short term memory networks for anomaly detection in time series. Proceedings of the Presses universitaires de Louvain, Bruges, Belgium."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"21954","DOI":"10.1109\/ACCESS.2017.2762418","article-title":"A deep learning approach for intrusion detection using recurrent neural networks","volume":"5","author":"Yin","year":"2017","journal-title":"IEEE Access"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Fotiadou, K., Velivassaki, T.H., Voulkidis, A., Skias, D., De Santis, C., and Zahariadis, T. (2020). Proactive Critical Energy Infrastructure Protection via Deep Feature Learning. Energies, 13.","DOI":"10.3390\/en13102622"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Muhuri, P.S., Chatterjee, P., Yuan, X., Roy, K., and Esterline, A. (2020). Using a Long Short-Term Memory Recurrent Neural Network (LSTM-RNN) to Classify Network Attacks. Information, 11.","DOI":"10.3390\/info11050243"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Khan, M.A., Karim, M., and Kim, Y. (2019). A scalable and hybrid intrusion detection system based on the convolutional-LSTM network. Symmetry, 11.","DOI":"10.3390\/sym11040583"},{"key":"ref_46","unstructured":"O\u2019Shea, K., and Nash, R. (2015). An introduction to convolutional neural networks. arXiv."},{"key":"ref_47","unstructured":"Krizhevsky, A., Sutskever, I., and Hinton, G.E. (2012, January 3\u20136). Imagenet classification with deep convolutional neural networks. Proceedings of the Advances in Neural Information Processing Systems, Lake Tahoe, NV, USA."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Wang, J., Yang, Y., Mao, J., Huang, Z., Huang, C., and Xu, W. (2016, January 27\u201330). Cnn-rnn: A unified framework for multi-label image classification. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA.","DOI":"10.1109\/CVPR.2016.251"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"1285","DOI":"10.1109\/TMI.2016.2528162","article-title":"Deep convolutional neural networks for computer-aided detection: CNN architectures, dataset characteristics and transfer learning","volume":"35","author":"Shin","year":"2016","journal-title":"IEEE Trans. Med. Imaging"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Kwon, D., Natarajan, K., Suh, S.C., Kim, H., and Kim, J. (2018, January 2\u20136). An empirical study on network anomaly detection using convolutional neural networks. Proceedings of the 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), Vienna, Austria.","DOI":"10.1109\/ICDCS.2018.00178"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"48231","DOI":"10.1109\/ACCESS.2018.2863036","article-title":"Enhanced network anomaly detection based on deep neural networks","volume":"6","author":"Naseer","year":"2018","journal-title":"IEEE Access"},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"148363","DOI":"10.1109\/ACCESS.2019.2946708","article-title":"Analysis of multi-types of flow features based on hybrid neural network for improving network anomaly detection","volume":"7","author":"Ma","year":"2019","journal-title":"IEEE Access"},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1016\/j.neunet.2018.11.005","article-title":"A comparison of deep networks with ReLU activation function and linear spline-type methods","volume":"110","author":"Eckle","year":"2019","journal-title":"Neural Netw."},{"key":"ref_54","first-page":"593","article-title":"Incidents Information Sharing Platform for Distributed Attack Detection","volume":"1","author":"Fotiadou","year":"2020","journal-title":"IEEE Open J. Commun. Soc."},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Gharehchopogh, F.S., and Khalifelu, Z.A. (2011, January 12\u201314). Analysis and evaluation of unstructured data: Text mining versus natural language processing. Proceedings of the 5th International Conference on Application of Information and Communication Technologies (AICT), Baku, Azerbaijan.","DOI":"10.1109\/ICAICT.2011.6111017"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Liang, X., Wang, X., Lei, Z., Liao, S., and Li, S.Z. (2017). Soft-margin softmax for deep classification. International Conference on Neural Information Processing, Springer.","DOI":"10.1007\/978-3-319-70096-0_43"},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1007\/BF00332914","article-title":"Accelerating the convergence of the back-propagation method","volume":"59","author":"Vogl","year":"1988","journal-title":"Biol. Cybern."},{"key":"ref_58","first-page":"2395","article-title":"A Review paper on pfsense\u2014An Open source firewall introducing with different capabilities & customization","volume":"3","author":"Patel","year":"2017","journal-title":"IJARIIE"},{"key":"ref_59","unstructured":"(2021, May 18). Suricata-Network Threat Detection Engine. Available online: https:\/\/suricata-ids.org\/."},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"1","DOI":"10.5121\/ijdkp.2015.5201","article-title":"A Review on Evaluation Metrics for Data Classification Evaluations","volume":"5","author":"Hossin","year":"2015","journal-title":"Int. J. Data Min. Knowl. Manag. Process."},{"key":"ref_61","unstructured":"Zhang, Z., and Sabuncu, M. (2018, January 3\u20138). Generalized cross entropy loss for training deep neural networks with noisy labels. Proceedings of the Advances in Neural Information Processing Systems, Montreal, QC, USA."},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Sun, Y., Kamel, M.S., and Wang, Y. (2006, January 18\u201322). Boosting for Learning Multiple Classes with Imbalanced Class Distribution. Proceedings of the Sixth International Conference on Data Mining (ICDM\u201906), Hong Kong, China.","DOI":"10.1109\/ICDM.2006.29"},{"key":"ref_63","first-page":"215","article-title":"An improved random forest classifier for multi-class classification","volume":"3","author":"Chaudhary","year":"2016","journal-title":"Inf. Process. Agric."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/12\/5\/215\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:03:51Z","timestamp":1760162631000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/12\/5\/215"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,19]]},"references-count":63,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2021,5]]}},"alternative-id":["info12050215"],"URL":"https:\/\/doi.org\/10.3390\/info12050215","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,19]]}}}