In today’s digital age, network security is critical because billions of computers around the world are connected to one another over networks. Symantec’s Internet Security Threat Report indicates a 56% increase in the number of network attacks in 2019. Network anomaly detection (NAD) attempts to detect anomalous network traffic by observing traffic data over time, defining what “normal” traffic looks like, and picking out potentially anomalous behavior that differs from it in some way.
Signature-based or rule-based NAD is conventionally employed to identify anomalous behaviors. These methods can generally be divided into two categories based on the detection principle: (1) flow-based methods analyze a network connection session, which may include the connection protocol, connection time, the total number of packets sent, and so forth; (2) packet-based methods analyze the content of each packet. However, signatures and rules are essentially insufficient for network threat detection because they can deal only with known attacks, and what distinguishes anomalous behaviors from normal traffic is often subtle.
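The two detection principles and their shared blind spot, as an added illustration that is not part of the challenge materials. The packets, the marker string, the rate threshold and the function names are all constructed for this example.

```python
from collections import defaultdict

# Constructed packets: (time_s, src, dst, dst_port, protocol, payload)
PACKETS = [
    (0.00, "10.0.0.5", "10.0.0.9", 80, "tcp", b"GET /index.html HTTP/1.1"),
    (0.40, "10.0.0.5", "10.0.0.9", 80, "tcp", b"GET /logo.png HTTP/1.1"),
    (1.00, "10.0.0.7", "10.0.0.9", 80, "tcp", b"GET /?q=KNOWN-BAD-MARKER HTTP/1.1"),
    (1.10, "10.0.0.8", "10.0.0.9", 80, "tcp", b"GET /?q=known-bad-m4rker HTTP/1.1"),
] + [(2.0 + i * 0.01, "10.0.0.6", "10.0.0.9", 22, "tcp", b"") for i in range(200)]

SIGNATURES = [b"KNOWN-BAD-MARKER"]  # constructed placeholder signature


def build_flows(packets):
    """Flow-based view: one record per session with protocol, duration, packet count."""
    spans = defaultdict(lambda: [float("inf"), float("-inf"), 0])
    for ts, src, dst, port, proto, _payload in packets:
        span = spans[(src, dst, port, proto)]
        span[0], span[1], span[2] = min(span[0], ts), max(span[1], ts), span[2] + 1
    return {
        key: {"protocol": key[3], "duration": last - first, "packets": count}
        for key, (first, last, count) in spans.items()
    }


def flow_rule_alerts(flows, max_rate=50.0):
    """Hypothetical flow rule: flag sessions above max_rate packets per second."""
    # Durations under one second are clamped so single-packet flows do not divide by zero.
    return sorted(k for k, f in flows.items() if f["packets"] / max(f["duration"], 1.0) > max_rate)


def packet_signature_alerts(packets, signatures=SIGNATURES):
    """Packet-based view: flag sources whose payload contains a known signature."""
    return sorted({src for _, src, _, _, _, payload in packets if any(s in payload for s in signatures)})


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    print("flow alerts:  ", flow_rule_alerts(flows))
    print("packet alerts:", packet_signature_alerts(PACKETS))
    # 10.0.0.8 sends a variant of the marker and triggers neither detector.
```

The variant payload from 10.0.0.8 passes both checks, which is the limitation of fixed signatures and rules described above.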
In recent years, deep learning methods have received much attention, since deep neural networks are able to learn complex patterns of anomalies directly from the network traffic data. However, network traffic data are real-world data compounded by properties such as large scale, noisy labels, and class imbalance, which makes them a challenge for deep learning algorithms. For example, anomalies rarely occur and the majority of the data is normal (i.e., anomalies typically occur only 0.001-1% of the time), and learning from imbalanced data is still an open challenge.
Therefore, the ZYELL-NCTU Network Anomaly Detection Challenge is a joint activity with the research teams from the ZYELL group and National Chiao Tung University. In this challenge, we release a million-scale dataset of real-world network traffic data for network anomaly detection and aim to leverage solutions from across the industrial and academic communities to help advance the field of network security.