XTRUST-6G
Published October 3, 2025 | Version v1
Publication Open

A deep one-class classifier for network anomaly detection using autoencoders and one-class support vector machines

Authors/Creators

  • 1. University of Campania "Luigi Vanvitelli"
  • 2. ROR icon Information Technologies Institute
  • 3. Centre for Research and Technology Hellas: Thessaloniki, GR
  • 4. Centre for Research and Technology Hellas
  • 5. CERTH
  • 6. Centre for Research and Technology-Hellas

Description

In this study, we introduce a deep one-class classification model that is trained exclusively on flow-based benign network traffic data, with the goal of identifying attacks during inference. The proposed anomaly detection model consists of two steps, a One-Class Support Vector Machine (OC-SVM) and a deep AutoEncoder (AE). While autoencoders have shown great potential in anomaly detection, their effectiveness can be undermined by spurious network activity located on the boundaries of their discriminating capabilities, thus failing to identify malicious behavior. Our model leverages the topological structure of the OC-SVM to generate decision scores for each traffic flow, which are subsequently incorporated into an autoencoder as part of the input feature space.

Files

A deep one-class classifier for network anomaly detection using autoencoders and one-class support vector machines.pdf

Files (2.0 MB)

Additional details

Funding

European Commission
XTRUST-6G - Extended zero-trust and intelligent security for resilient and quantum-safe 6G networks and services 101192749
European Commission
Waterverse - Water Data Management Ecosystem for Water Data Spaces 101070262