/RL-AnomalyDetection

Using RL for anomaly detection in NSL-KDD

Primary language: Jupyter Notebook. License: MIT.

AnomalyDetectionRL

Overview

Using Reinforcement Learning to detect anomalies and, maybe in the future, to respond to them. The dataset used is NSL-KDD, which contains data for multiple anomalies.

Using deep Q-Learning with Keras/TensorFlow to generate the network.

Code associated with the paper: "Adversarial environment reinforcement learning algorithm for intrusion detection", G Caminero, M Lopez-Martin, B Carro, Computer Networks, 2019

Simple anomaly detection

  • Detects normal or anomaly
  • Train set in: AD.py
  • Test set in: test.py

Multiple anomaly detection (37+1 labels)

Type anomaly detection (4+1 labels)

  • Detects only the attack type among normal, DoS, Probe, R2L, U2R

  • Train set in: typeAD.py

  • Test set in: type_test.py

  • Train Dueling DDQN (TensorFlow) in typeAD_tf.py

Adversarial/Multi Agent RL (AE-RL)

A3C

  • Train-Test in: A3CtypeAD.py
  • Summary in tensorboard: tensorboard --logdir=tmp

Notebooks