Network Anomaly Detection Based on Burrows–Wheeler Transform and Variational Autoencoders

The effective automation of anomaly detectionmethods in network traffic analysis extends to a wide range of domains. It can be used in network performance monitoring and optimization, as well as in intrusion detection and prevention systems, where it plays a crucial role in real-time identification and mitigation of cyber threats. In this scenario, spotting previously unknown anomalous phenomena associated with zero-day attacks is an extremely challenging task.Accordingly, we present a simple unsupervised detection scheme leveraging the generalization power of Variational Autoencoder and able to support packet-based detection through a novel feature extraction approach using specific organizational properties of the Burrows– Wheeler transform. The resulting framework appears promising in complementing deep packet inspection practices in deep learning-based detection environments.