This repository contains a modified version of the Deep SAD PyTorch implementation, adapted for Network Intrusion Detection Systems (NIDS) research, using the PyTorch implementation of the Deep SAD method presented in the ICLR 2020 paper ”Deep Semi-Supervised Anomaly Detection”.

This work was developed as part of my master's thesis in 2020, focusing on Network Intrusion Detection Systems (NIDS), specifically addressing anomaly detection in non-stationary settings using real network traffic. The core idea was to train to map benign traffic into a minimal volume hypersphere in the learned feature space, and mark as anomalous traffic lying outside those boundaries. I used Ray and Ax frameworks for distributed experiment scheduling and hyperparameter tuning respectively.

• Distributed Computing: Utilizes Ray for scalable distributed experiment execution

• Hyperparameter Optimization: Implements Ax for hyperparameter tuning and experiment management

• Network Traffic Processing: Custom data loaders and preprocessing pipelines for handling real network traffic data (CICFLOW, MAWILab, NSL-KDD)

This code is written in Python 3.7+ and requires the packages listed in requirements.txt.

To run the code, we recommend setting up a virtual environment, e.g. using virtualenv or conda:

cd <path-to-Deep-SAD-PyTorch-directory>
virtualenv myenv
source myenv/bin/activate
pip install -r requirements.txt

cd <path-to-Deep-SAD-PyTorch-directory>
conda create --name myenv python=3.7
conda activate myenv
pip install -r requirements.txt

For distributed computing and hyperparameter optimization:

pip install ray[tune] ax-platform

MIT