Xueluan Gong,Ziyao Wang,Shuaike Li,Yanjiao Chen,Qian Wang

DOI: https://doi.org/10.1109/tifs.2023.3295944

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the development of deep learning, deep neural network (DNN)-based application have become an indispensable aspect of daily life. However, recent studies have shown that these well-trained DNN models are vulnerable to model inversion attacks (MIAs), where attackers can recover their training data with high fidelity. Although several defensive strategies have been proposed to mitigate the impact of such attacks, existing defenses will inevitably compromise the model performance and are ineffective against more sophisticated attacks, such as Mirror (An et al., 2022). In this paper, we introduce a novel GAN-based defense approach against model inversion attacks. Unlike previous works that perturb the prediction vector of the model, we manipulate the training procedure of the victim model by incorporating carefully-designed GAN-based fake samples. We also adjust the loss of the inversed samples to inject misleading features into the protected label of the victim model. Additionally, we adopt the concept of continual learning to improve the utility of the model. Extensive experiments conducted on the CelebA, VGG-Face, and VGG-Face2 datasets demonstrate that our proposed method outperforms existing defenses against state-of-the-art model inversion attacks, including DMI (Chen et al., 2021), Mirror (An et al., 2022), Privacy (Fredrikson et al., 2014), and AMI (Yang et al., 2019). It is shown that our proposed method can also retain a high defense performance in black-box scenarios.

Junkun Yuan,Shaofang Zhou,Lanfen Lin,Feng Wang,Jia Cui

DOI: https://doi.org/10.3233/faia200388

2020-01-01

Abstract:For efficient malware detection, there are more and more deep learning methods based on raw software binaries. Recent studies show that deep learning models can easily be fooled to make a wrong decision by introducing subtle perturbations to inputs, which attracts a large influx of work in adversarial attacks. However, most of the existing attack methods are based on manual features (e.g., API calls) or in the white-box setting, making the attacks impractical in current real-world scenarios. In this work, we propose a novel attack framework called GAPGAN, which generates adversarial payloads (padding bytes) with generative adversarial networks (GANs). To the best of our knowledge, it is the first work that performs endto-end black-box attacks at the byte-level against deep learning based malware binaries detection. In our attack framework, we map input discrete malware binaries to continuous space, then feed it to the generator of GAPGAN to generate adversarial payloads. We append payloads to the original binaries to craft an adversarial sample while preserving its functionality. We propose to use a dynamic threshold for reducing the loss of the effectiveness of the payloads when mapping it from continuous format back to the original discrete format. For balancing the attention of the generator to the payloads and the adversarial samples, we use an automatic weight tuning strategy. We train GAPGAN with both malicious and benign software. Once the training is finished, the generator can generate an adversarial sample with only the input malware in less than twenty milliseconds. We apply GAPGAN to attack the state-of-the-art detector MalConv and achieve 100% attack success rate with only appending payloads of 2.5% of the total length of the data for detection. We also attack deep learning models with different structures under different defense methods. The experiments show that GAPGAN outperforms other state-of-the-art attack models in efficiency and effectiveness.

Andrei-Grigore Mari,Daniel Zinca,Virgil Dobrota

DOI: https://doi.org/10.3390/s23031315

IF: 3.9

2023-01-25

Sensors

Abstract:Intrusion detection and prevention are two of the most important issues to solve in network security infrastructure. Intrusion detection systems (IDSs) protect networks by using patterns to detect malicious traffic. As attackers have tried to dissimulate traffic in order to evade the rules applied, several machine learning-based IDSs have been developed. In this study, we focused on one such model involving several algorithms and used the NSL-KDD dataset as a benchmark to train and evaluate its performance. We demonstrate a way to create adversarial instances of network traffic that can be used to evade detection by a machine learning-based IDS. Moreover, this traffic can be used for training in order to improve performance in the case of new attacks. Thus, a generative adversarial network (GAN)—i.e., an architecture based on a deep-learning algorithm capable of creating generative models—was implemented. Furthermore, we tested the IDS performance using the generated adversarial traffic. The results showed that, even in the case of the GAN-generated traffic (which could successfully evade IDS detection), by using the adversarial traffic in the testing process, we could improve the machine learning-based IDS performance.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xinxing Zhao,Kar Wai Fok,Vrizlynn L. L. Thing

2024-04-11

Abstract:Network intrusion detection systems (NIDS) play a pivotal role in safeguarding critical digital infrastructures against cyber threats. Machine learning-based detection models applied in NIDS are prevalent today. However, the effectiveness of these machine learning-based models is often limited by the evolving and sophisticated nature of intrusion techniques as well as the lack of diverse and updated training samples. In this research, a novel approach for enhancing the performance of an NIDS through the integration of Generative Adversarial Networks (GANs) is proposed. By harnessing the power of GANs in generating synthetic network traffic data that closely mimics real-world network behavior, we address a key challenge associated with NIDS training datasets, which is the data scarcity. Three distinct GAN models (Vanilla GAN, Wasserstein GAN and Conditional Tabular GAN) are implemented in this work to generate authentic network traffic patterns specifically tailored to represent the anomalous activity. We demonstrate how this synthetic data resampling technique can significantly improve the performance of the NIDS model for detecting such activity. By conducting comprehensive experiments using the CIC-IDS2017 benchmark dataset, augmented with GAN-generated data, we offer empirical evidence that shows the effectiveness of our proposed approach. Our findings show that the integration of GANs into NIDS can lead to enhancements in intrusion detection performance for attacks with limited training data, making it a promising avenue for bolstering the cybersecurity posture of organizations in an increasingly interconnected and vulnerable digital landscape.

Cryptography and Security

Zilong Lin,Yong Shi,Zhi Xue

DOI: https://doi.org/10.1007/978-3-031-05981-0_7

2018-01-01

Abstract:As an essential tool in security, the intrusion detection system bears the responsibility of the defense to network attacks performed by malicious traffic. Nowadays, with the help of machine learning algorithms, intrusion detection systems develop rapidly. However, the robustness of this system is questionable when it faces adversarial attacks. For the robustness of detection systems, more potential attack approaches are under research. In this paper, a framework of the generative adversarial networks, called IDSGAN, is proposed to generate the adversarial malicious traffic records aiming to attack intrusion detection systems by deceiving and evading the detection. Given that the internal structure and parameters of the detection system are unknown to attackers, the adversarial attack examples perform the black-box attacks against the detection system. IDSGAN leverages a generator to transform original malicious traffic records into adversarial malicious ones. A discriminator classifies traffic examples and dynamically learns the real-time black-box detection system. More significantly, the restricted modification mechanism is designed for the adversarial generation to preserve original attack functionalities of adversarial traffic records. The effectiveness of the model is indicated by attacking multiple algorithm-based detection models with different attack categories. The robustness is verified by changing the number of the modified features. A comparative experiment with adversarial attack baselines demonstrates the superiority of our model.

Zhipeng Liu,Junyi Hu,Yang Liu,Kaushik Roy,Xiaohong Yuan,Jinsheng Xu

DOI: https://doi.org/10.1109/access.2023.3307463

IF: 3.9

2023-09-01

IEEE Access

Abstract:Adversarial attacks have threatened the credibility of machine learning models and cast doubts over the integrity of data. The attacks have created much harm in the fields of computer vision, and natural language processing. In this paper, we focus on the adversarial attack, in particular the poisoning attack, against the network intrusion detection system (NIDS), which is often viewed as the first line of defense against cyber threats. We develop a generative adversarial network (GAN) in AIGAN, which uses deep learning techniques to generate adversarial data and to conduct an anomaly attack on IoT networks. To evaluate the effectiveness of our generator, we measure the similarities between real and fake data using the Jaccard similarity index, in addition comparing the F1-scores from four generic algorithms: multilayer perception, logistic regression, decision tree, random forest. We contrast the performance of ten machine learning classifiers experimented on two real IoT datasets and their fake adversarial samples. Our work highlights a vulnerable side of NIDS created by machine learning when attacked with adversarial perturbation.

computer science, information systems,telecommunications,engineering, electrical & electronic

Naibo Zhu,Guangyu Zhao,Yang Yang,Han Yang,Zhi Liu

DOI: https://doi.org/10.1109/access.2023.3280421

IF: 3.9

2023-01-01

IEEE Access

Abstract:Using deep learning and machine learning techniques for network intrusion detection is of great significance for enhancing the defense capability of network security systems. Given the characteristics of generative adversarial networks, such as the approximate consistency of generated samples with the input data distribution but with a random distribution within a certain bounded interval, and in response to the problem of insufficient classification performance and detection omission caused by the imbalance of different degrees of data categories and quantities in network intrusion traffic, and in light of the fact that the effectiveness of existing classification algorithms based on unbalanced traffic data still has some room for improvement, this paper proposes a network intrusion detection strategy based on auxiliary classifier generative adversarial networks. The data expansion experiments are conducted with the intrusion detection dataset NSL-KDD. The data are classified into twenty-three categories before and after the expansion by binary classification validation. The results show that the expansion of the generated samples for unbalanced network traffic data improve the subsequent recognition effect significantly. Finally, five classification performance index verification experiments are conducted. The results prove that the strategy of this paper performs better in accuracy, precision, recall rate and F-value indexes, and is capable of obtaining a large number of features from limited samples and inferring complete data distribution based on fewer features. The model as a whole has stronger generalization ability and defense effect.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jun Tu,Willies Ogola,Dehong Xu,Wei Xie

DOI: https://doi.org/10.46300/9106.2022.16.58

2022-01-13

Abstract:Due to the wireless nature of wireless sensor networks (WSN), the network can be deployed in most of the unattended environment, which makes the networks more vulnerable for attackers who may listen to the traffic and inject their own nodes in the sensor network. In our work, we research on a novel machine learning algorithm on intrusion detection based on reinforcement learning (RL) strategy using generative adversarial network (GAN) for WSN which can automatically detect intrusion or malicious attacks into the network. We combine Actor-Critic Algorithm in RL with GAN in a simulated WSN. The GAN is employed as part of RL environment to generate fake data with possible attacks, which is similar to the real data generated by the sensor networks. Its main aim is to confuse the adversarial network into differentiating between the real and fake data with possible attacks. The results that is from the experiments are based on environment of GAN and Network Simulator 3 (NS3) illustrate that Actor-Critic&GAN algorithm enhances security of the simulated WSN by protecting the networks data against adversaries and improves on the accuracy of the detection.

Cheolhee Park,Jonghoon Lee,Youngsoo Kim,Jong-Geun Park,Hyunjin Kim,Dowon Hong

DOI: https://doi.org/10.1109/jiot.2022.3211346

IF: 10.6

2023-01-24

IEEE Internet of Things Journal

Abstract:As communication technology advances, various and heterogeneous data are communicated in distributed environments through network systems. Meanwhile, along with the development of communication technology, the attack surface has expanded, and concerns regarding network security have increased. Accordingly, to deal with potential threats, research on network intrusion detection systems (NIDSs) has been actively conducted. Among the various NIDS technologies, recent interest is focused on artificial intelligence (AI)-based anomaly detection systems, and various models have been proposed to improve the performance of NIDS. However, there still exists the problem of data imbalance, in which AI models cannot sufficiently learn malicious behavior and thus fail to detect network threats accurately. In this study, we propose a novel AI-based NIDS that can efficiently resolve the data imbalance problem and improve the performance of the previous systems. To address the aforementioned problem, we leveraged a state-of-the-art generative model that could generate plausible synthetic data for minor attack traffic. In particular, we focused on the reconstruction error and Wasserstein distance-based generative adversarial networks, and autoencoder-driven deep learning models. To demonstrate the effectiveness of our system, we performed comprehensive evaluations over various data sets and demonstrated that the proposed systems significantly outperformed the previous AI-based NIDS.

He Zhang,Xingrui Yu,Peng Ren,Chunbo Luo,Geyong Min

DOI: https://doi.org/10.48550/arXiv.1901.07949

2019-01-23

Cryptography and Security

Abstract:Intrusion detection systems (IDSs) play an important role in identifying malicious attacks and threats in networking systems. As fundamental tools of IDSs, learning based classification methods have been widely employed. When it comes to detecting network intrusions in small sample sizes (e.g., emerging intrusions), the limited number and imbalanced proportion of training samples usually cause significant challenges in training supervised and semi-supervised classifiers. In this paper, we propose a general network intrusion detection framework to address the challenges of both \emph{data scarcity} and \emph{data imbalance}. The novelty of the proposed framework focuses on incorporating deep adversarial learning with statistical learning and exploiting learning based data augmentation. Given a small set of network intrusion samples, it first derives a Poisson-Gamma joint probabilistic generative model to generate synthesised intrusion data using Monte Carlo methods. Those synthesised data are then augmented by deep generative neural networks through adversarial learning. Finally, it adopts the augmented intrusion data to train supervised models for detecting network intrusions. Comprehensive experimental validations on KDD Cup 99 dataset show that the proposed framework outperforms the existing learning based IDSs in terms of improved accuracy, precision, recall, and F1-score.

Liu Guangrui,Zhang Weizhe,Li Xinjie,Fan Kaisheng,Yu Shui

DOI: https://doi.org/10.1007/s11432-021-3455-1

2022-01-01

Abstract:Machine learning-based network intrusion detection systems (ML-NIDS) are extensively used for network security against unknown attacks. Existing intrusion detection systems can effectively defend traditional network attacks, however, they face AI based threats. The current known AI attacks cannot balance the escape rate and attack effectiveness. In addition, the time cost of existing AI attacks is very high. In this paper, we propose a backdoor attack called VulnerGAN, which features high concealment, high aggressiveness, and high timeliness. The backdoor can make the specific attack traffic bypass the detection of ML-NIDS without affecting the performance of ML-NIDS in identifying other attack traffic. VulnerGAN uses generative adversarial networks (GAN) to calculate poisoning and adversarial samples based on machine learning model vulnerabilities. It can make traditional network attack traffic escape black-box online ML-NIDS. At the same time, model extraction and fuzzing test are used to enhance the convergence of VulnerGAN. Compared with the state-of-the-art algorithms, the VulnerGAN backdoor attack increases 33.28% in concealment, 18.48% in aggressiveness, and 46.32% in timeliness.

Dule Shu,Nandi O. Leslie,Charles A. Kamhoua,Conrad S. Tucker

DOI: https://doi.org/10.1145/3395352.3402618

2020-07-13

Abstract:Intrusion Detection Systems (IDS) are increasingly adopting machine learning (ML)-based approaches to detect threats in computer networks due to their ability to learn underlying threat patterns/features. However, ML-based models are susceptible to adversarial attacks, attacks wherein slight perturbations of the input features, cause misclassifications. We propose a method that uses active learning and generative adversarial networks to evaluate the threat of adversarial attacks on ML-based IDS. Existing adversarial attack methods require a large amount of training data or assume knowledge of the IDS model itself (e.g., loss function), which may not be possible in real-world settings. Our method overcomes these limitations by demonstrating the ability to compromise an IDS using limited training data and assuming no prior knowledge of the IDS model other than its binary classification (i.e., benign or malicious). Experimental results demonstrate the ability of our proposed model to achieve a 98.86% success rate in bypassing the IDS model using only 25 labeled data points during model training. The knowledge gained by compromising the ML-based IDS, can be integrated into the IDS in order to enhance its robustness against similar ML-based adversarial attacks.

Alexandro Marcelo Zacaron,Daniel Matheus Brandão Lent,Vitor Gabriel da Silva Ruffo,Luiz Fernando Carvalho,Mario Lemes Proença

DOI: https://doi.org/10.1007/s10922-024-09867-z

2024-09-14

Journal of Network and Systems Management

Abstract:Software-defined Networking (SDN) is a modern network management paradigm that decouples the data and control planes. The centralized control plane offers comprehensive control and orchestration over the network infrastructure. Although SDN provides better control over traffic flow, ensuring network security and service availability remains challenging. This paper presents an anomaly-based intrusion detection system (IDS) for monitoring and securing SDN networks. The system utilizes deep learning models to identify anomalous traffic behavior. When an anomaly is detected, a mitigation module blocks suspicious communications and restores the network to its normal state. Three versions of the proposed solution were implemented and compared: the traditional Generative Adversarial Network (GAN), Deep Convolutional GAN (DCGAN), and Wasserstein GAN with Gradient Penalty (WGAN-GP). These models were incorporated into the system's detection structure and tested on two benchmark datasets. The first is emulated, and the second is the well-known CICDDoS2019 dataset. The results indicate that the IDS adequately identified potential threats, regardless of the deep learning algorithm. Although the traditional GAN is a simpler model, it could still efficiently detect when the network was under attack and was considerably faster than the other models. Additionally, the employed mitigation strategy successfully dropped over 89% of anomalous flows in the emulated dataset and over 99% in the public dataset, preventing the effects of the threats from being accentuated and jeopardizing the proper functioning of the SDN network.

computer science, information systems,telecommunications

Yi Cui,Wenfeng Shen,Jian Zhang,Weijia Lu,Chuang Liu,Lin Sun,Si Chen

DOI: https://doi.org/10.48550/arXiv.2206.10400

2022-06-21

Cryptography and Security

Abstract:As an active network security protection scheme, intrusion detection system (IDS) undertakes the important responsibility of detecting network attacks in the form of malicious network traffic. Intrusion detection technology is an important part of IDS. At present, many scholars have carried out extensive research on intrusion detection technology. However, developing an efficient intrusion detection method for massive network traffic data is still difficult. Since Generative Adversarial Networks (GANs) have powerful modeling capabilities for complex high-dimensional data, they provide new ideas for addressing this problem. In this paper, we put forward an EBGAN-based intrusion detection method, IDS-EBGAN, that classifies network records as normal traffic or malicious traffic. The generator in IDS-EBGAN is responsible for converting the original malicious network traffic in the training set into adversarial malicious examples. This is because we want to use adversarial learning to improve the ability of discriminator to detect malicious traffic. At the same time, the discriminator adopts Autoencoder model. During testing, IDS-EBGAN uses reconstruction error of discriminator to classify traffic records.

DOI: https://doi.org/10.1007/s12243-024-01021-9

2024-03-28

Annals of Telecommunications

Abstract:There has been a significant development in the design of intrusion detection systems (IDS) by using deep learning (DL)/machine learning (ML) methods for detecting threats in a computer network. Unfortunately, these DL/ML-based IDS are vulnerable to adversarial examples, wherein a malicious data sample can be slightly perturbed to cause a misclassification by an IDS while retaining its malicious properties. Unlike image recognition domain, the network domain has certain constraints known as domain constraints which are multifarious interrelationships and dependencies between features. To be considered as practical and realizable, an adversary must ensure that the adversarial examples comply with domain constraints. Recently, generative models like GANs and VAEs have been extensively used for generating adversarial examples against IDS. However, majority of these techniques generate adversarial examples which do not satisfy all domain constraints. Also, current generative methods lack explicit restrictions on the amount of perturbation which a malicious data sample undergoes during the crafting of adversarial examples, leading to the potential generation of invalid data samples. To address these limitations, a solution is presented in this work which utilize a variational autoencoder to generate adversarial examples that not only result in misclassification by an IDS, but also satisfy domain constraints. Instead of perturbing the data samples itself, the adversarial examples are crafted by perturbing the latent space representation of the data sample. It allows the generation of adversarial examples under limited perturbation. This research has explored the novel applications of generative networks for generating constraint satisfying adversarial examples. The experimental results support the claims with an attack success rate of 64.8 against ML/DL-based IDS. The trained model can be integrated further into an operational IDS to strengthen its robustness against adversarial examples; however, this is out of scope of this work.

telecommunications

Hongwei Ding,Yu Sun,Nana Huang,Xiaohui Cui,Zhidong Shen

DOI: https://doi.org/10.1109/tifs.2023.3331240

IF: 7.231

2023-12-05

IEEE Transactions on Information Forensics and Security

Abstract:Internet of Things (IoT) devices are large in number, widely distributed, weak in protection ability, and vulnerable to various malicious attacks. Intrusion detection technology can provide good protection for network equipment. However, the normal traffic and abnormal traffic in the network are usually imbalanced. Imbalanced samples will seriously affect the performance of machine learning detection algorithm. Therefore, this paper proposes an intrusion detection method based on data augmentation, namely TMG-IDS. We name the proposed data augmentation model TMG-GAN, which is a data augmentation method based on generative adversarial networks (GAN). First, TMG-GAN has a multi-generator structure, which can be used to generate different types of attack data simultaneously. Second, we increase the classifier structure, which can optimize the generator and discriminator more efficiently based on the classification loss. Third, we calculate the cosine similarity between the generated samples and the original samples and other types of generated samples as a generator loss, which can further improve the quality of generated samples and reduce the class overlap area between the distributions of various generated samples. We conduct extensive experiments on two intrusion detection datasets, CICIDS2017 and UNSW-NB15. The experimental results show that compared with the advanced oversampling algorithm and the latest intrusion detection algorithm, the proposed TMG-IDS method has a good detection effect under the three indicators of Precision, Recall and F1-score.

computer science, theory & methods,engineering, electrical & electronic

Milad Salem,Shayan Taheri,Jiann Shiun Yuan

DOI: https://doi.org/10.1109/UEMCON.2018.8796769

2018-12-12

Abstract:Generative adversarial networks have been able to generate striking results in various domains. This generation capability can be general while the networks gain deep understanding regarding the data distribution. In many domains, this data distribution consists of anomalies and normal data, with the anomalies commonly occurring relatively less, creating datasets that are imbalanced. The capabilities that generative adversarial networks offer can be leveraged to examine these anomalies and help alleviate the challenge that imbalanced datasets propose via creating synthetic anomalies. This anomaly generation can be specifically beneficial in domains that have costly data creation processes as well as inherently imbalanced datasets. One of the domains that fits this description is the host-based intrusion detection domain. In this work, ADFA-LD dataset is chosen as the dataset of interest containing system calls of small foot-print next generation attacks. The data is first converted into images, and then a Cycle-GAN is used to create images of anomalous data from images of normal data. The generated data is combined with the original dataset and is used to train a model to detect anomalies. By doing so, it is shown that the classification results are improved, with the AUC rising from 0.55 to 0.71, and the anomaly detection rate rising from 17.07% to 80.49%. The results are also compared to SMOTE, showing the potential presented by generative adversarial networks in anomaly generation.

Machine Learning,Cryptography and Security,Computer Vision and Pattern Recognition

Rahul Kale,Zhi Lu,Kar Wai Fok,Vrizlynn L. L. Thing

DOI: https://doi.org/10.48550/arXiv.2212.00966

2022-12-02

Cryptography and Security

Abstract:Cyber intrusion attacks that compromise the users' critical and sensitive data are escalating in volume and intensity, especially with the growing connections between our daily life and the Internet. The large volume and high complexity of such intrusion attacks have impeded the effectiveness of most traditional defence techniques. While at the same time, the remarkable performance of the machine learning methods, especially deep learning, in computer vision, had garnered research interests from the cyber security community to further enhance and automate intrusion detections. However, the expensive data labeling and limitation of anomalous data make it challenging to train an intrusion detector in a fully supervised manner. Therefore, intrusion detection based on unsupervised anomaly detection is an important feature too. In this paper, we propose a three-stage deep learning anomaly detection based network intrusion attack detection framework. The framework comprises an integration of unsupervised (K-means clustering), semi-supervised (GANomaly) and supervised learning (CNN) algorithms. We then evaluated and showed the performance of our implemented framework on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.

Hongyu Chen,Li Jiang

DOI: https://doi.org/10.48550/arXiv.1904.02426

2019-07-24

Abstract:Ubiquitous anomalies endanger the security of our system constantly. They may bring irreversible damages to the system and cause leakage of privacy. Thus, it is of vital importance to promptly detect these anomalies. Traditional supervised methods such as Decision Trees and Support Vector Machine (SVM) are used to classify normality and abnormality. However, in some case the abnormal status are largely rarer than normal status, which leads to decision bias of these methods. Generative adversarial network (GAN) has been proposed to handle the case. With its strong generative ability, it only needs to learn the distribution of normal status, and identify the abnormal status through the gap between it and the learned distribution. Nevertheless, existing GAN-based models are not suitable to process data with discrete values, leading to immense degradation of detection performance. To cope with the discrete features, in this paper, we propose an efficient GAN-based model with specifically-designed loss function. Experiment results show that our model outperforms state-of-the-art models on discrete dataset and remarkably reduce the overhead.

Machine Learning,Cryptography and Security

Shuokang Huang,Kai Lei

DOI: https://doi.org/10.1016/j.adhoc.2020.102177

IF: 4.816

2020-01-01

Ad Hoc Networks

Abstract:With the emergence of ever-advancing network threats, the guarantee of system security becomes increasingly crucial, especially in the dynamic and decentralized ad-hoc networks. One essential part of cybersecurity is intrusion detection, which identifies anomalous activities according to traffic patterns. However, the class-imbalanced data have caused a challenging problem where the number of abnormal samples is significantly lower than that of the normal ones. This class imbalance problem confines the performance of intrusion classifiers and results in low robustness to unknown anomalies. In this paper, we propose a novel Imbalanced Generative Adversarial Network (IGAN) to tackle the class imbalance problem. In the primary novelty of our model, we introduce an imbalanced data filter and convolutional layers to the typical GAN, generating new representative instances for minority classes. Further, an IGAN-based Intrusion Detection System, namely IGAN-IDS, is established to cope with class-imbalanced intrusion detection, using the instances generated by IGAN. Concretely, IGAN-IDS consists of three modules: feature extraction, IGAN, and deep neural network. First, we utilize a feed-forward neural network (FNN) to transform raw network attributes into feature vectors. Then, the IGAN generates new samples expressed in the latent space. Finally, the deep neural network, composed of convolutional layers and fully-connected layers, executes the final intrusion detection. We conduct experiments on three benchmark datasets to evaluate the performance of IGAN-IDS, comparing against 15 other methods. The experimental results demonstrate that our proposed IGAN-IDS outperforms the state-of-the-art approaches.