AnomalyDetectionRL
Overview
Using Reinforcement Learning in order to detect anomalies and maybe a future response The dataset used is NSL-KDD with data of multiple anomalies
Using deep Q-Learning with keras/tensorflow to generate the network
Code associated with the paper: "Adversarial environment reinforcement learning algorithm for intrusion detection", G Caminero, M Lopez-Martin, B Carro, Computer Networks, 2019
Simple anomaly detection
Multiple anomaly detection (37+1 labels)
- Detects each attack in the dataset
- Train set in: multiAD.py
- Test set in: multi_test.py
Type anomaly detection (4+1 labels)
-
Detects only the attack type between normal, DoS, Probe, R2L, U2R
-
Train set in: typeAD.py
-
Test set in: type_test.py
-
Train Dueling DDQN (tensorflow) in typeAD_tf.py
Adversarial/Multi Agent RL(AE-RL)
- Try to improve the inequality of attacks to produce better training
- Train set in: adversarialAD.py
- Test set in: adversarial_test.py
A3C
- Train-Test in: A3CtypeAD.py
- Summary in tensorboard:
tensorboard --logdir=tmp
Notebooks
- NSL-KDD adaption: AE_RL_NSL-KDD.ipnb
- AWID adaption: AE_RL_awid.ipnb