Hongwei Ding,Yu Sun,Nana Huang,Xiaohui Cui,Zhidong Shen

DOI: https://doi.org/10.1109/tifs.2023.3331240

IF: 7.231

2023-12-05

IEEE Transactions on Information Forensics and Security

Abstract:Internet of Things (IoT) devices are large in number, widely distributed, weak in protection ability, and vulnerable to various malicious attacks. Intrusion detection technology can provide good protection for network equipment. However, the normal traffic and abnormal traffic in the network are usually imbalanced. Imbalanced samples will seriously affect the performance of machine learning detection algorithm. Therefore, this paper proposes an intrusion detection method based on data augmentation, namely TMG-IDS. We name the proposed data augmentation model TMG-GAN, which is a data augmentation method based on generative adversarial networks (GAN). First, TMG-GAN has a multi-generator structure, which can be used to generate different types of attack data simultaneously. Second, we increase the classifier structure, which can optimize the generator and discriminator more efficiently based on the classification loss. Third, we calculate the cosine similarity between the generated samples and the original samples and other types of generated samples as a generator loss, which can further improve the quality of generated samples and reduce the class overlap area between the distributions of various generated samples. We conduct extensive experiments on two intrusion detection datasets, CICIDS2017 and UNSW-NB15. The experimental results show that compared with the advanced oversampling algorithm and the latest intrusion detection algorithm, the proposed TMG-IDS method has a good detection effect under the three indicators of Precision, Recall and F1-score.

computer science, theory & methods,engineering, electrical & electronic

Junkun Yuan,Shaofang Zhou,Lanfen Lin,Feng Wang,Jia Cui

DOI: https://doi.org/10.3233/faia200388

2020-01-01

Abstract:For efficient malware detection, there are more and more deep learning methods based on raw software binaries. Recent studies show that deep learning models can easily be fooled to make a wrong decision by introducing subtle perturbations to inputs, which attracts a large influx of work in adversarial attacks. However, most of the existing attack methods are based on manual features (e.g., API calls) or in the white-box setting, making the attacks impractical in current real-world scenarios. In this work, we propose a novel attack framework called GAPGAN, which generates adversarial payloads (padding bytes) with generative adversarial networks (GANs). To the best of our knowledge, it is the first work that performs endto-end black-box attacks at the byte-level against deep learning based malware binaries detection. In our attack framework, we map input discrete malware binaries to continuous space, then feed it to the generator of GAPGAN to generate adversarial payloads. We append payloads to the original binaries to craft an adversarial sample while preserving its functionality. We propose to use a dynamic threshold for reducing the loss of the effectiveness of the payloads when mapping it from continuous format back to the original discrete format. For balancing the attention of the generator to the payloads and the adversarial samples, we use an automatic weight tuning strategy. We train GAPGAN with both malicious and benign software. Once the training is finished, the generator can generate an adversarial sample with only the input malware in less than twenty milliseconds. We apply GAPGAN to attack the state-of-the-art detector MalConv and achieve 100% attack success rate with only appending payloads of 2.5% of the total length of the data for detection. We also attack deep learning models with different structures under different defense methods. The experiments show that GAPGAN outperforms other state-of-the-art attack models in efficiency and effectiveness.

Yamarthi Narasimha Rao,Kunda Suresh Babu

DOI: https://doi.org/10.3390/s23010550

2023-01-03

Abstract:In modern networks, a Network Intrusion Detection System (NIDS) is a critical security device for detecting unauthorized activity. The categorization effectiveness for minority classes is limited by the imbalanced class issues connected with the dataset. We propose an Imbalanced Generative Adversarial Network (IGAN) to address the problem of class imbalance by increasing the detection rate of minority classes while maintaining efficiency. To limit the effect of the minimum or maximum value on the overall features, the original data was normalized and one-hot encoded using data preprocessing. To address the issue of the low detection rate of minority attacks caused by the imbalance in the training data, we enrich the minority samples with IGAN. The ensemble of Lenet 5 and Long Short Term Memory (LSTM) is used to classify occurrences that are considered abnormal into various attack categories. The investigational findings demonstrate that the proposed approach outperforms the other deep learning approaches, achieving the best accuracy, precision, recall, TPR, FPR, and F1-score. The findings indicate that IGAN oversampling can enhance the detection rate of minority samples, hence improving overall accuracy. According to the data, the recommended technique valued performance measures far more than alternative approaches. The proposed method is found to achieve above 98% accuracy and classifies various attacks significantly well as compared to other classifiers.

Xinxing Zhao,Kar Wai Fok,Vrizlynn L. L. Thing

2024-04-11

Abstract:Network intrusion detection systems (NIDS) play a pivotal role in safeguarding critical digital infrastructures against cyber threats. Machine learning-based detection models applied in NIDS are prevalent today. However, the effectiveness of these machine learning-based models is often limited by the evolving and sophisticated nature of intrusion techniques as well as the lack of diverse and updated training samples. In this research, a novel approach for enhancing the performance of an NIDS through the integration of Generative Adversarial Networks (GANs) is proposed. By harnessing the power of GANs in generating synthetic network traffic data that closely mimics real-world network behavior, we address a key challenge associated with NIDS training datasets, which is the data scarcity. Three distinct GAN models (Vanilla GAN, Wasserstein GAN and Conditional Tabular GAN) are implemented in this work to generate authentic network traffic patterns specifically tailored to represent the anomalous activity. We demonstrate how this synthetic data resampling technique can significantly improve the performance of the NIDS model for detecting such activity. By conducting comprehensive experiments using the CIC-IDS2017 benchmark dataset, augmented with GAN-generated data, we offer empirical evidence that shows the effectiveness of our proposed approach. Our findings show that the integration of GANs into NIDS can lead to enhancements in intrusion detection performance for attacks with limited training data, making it a promising avenue for bolstering the cybersecurity posture of organizations in an increasingly interconnected and vulnerable digital landscape.

Cryptography and Security

Wuxin Tian,Yanping Shen,Na Guo,Jing Yuan,Yanqing Yang

DOI: https://doi.org/10.3390/s24186035

IF: 3.9

2024-09-19

Sensors

Abstract:To address the class imbalance issue in network intrusion detection, which degrades performance of intrusion detection models, this paper proposes a novel generative model called VAE-WACGAN to generate minority class samples and balance the dataset. This model extends the Variational Autoencoder Generative Adversarial Network (VAEGAN) by integrating key features from the Auxiliary Classifier Generative Adversarial Network (ACGAN) and the Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP). These enhancements significantly improve both the quality of generated samples and the stability of the training process. By utilizing the VAE-WACGAN model to oversample anomalous data, more realistic synthetic anomalies that closely mirror the actual network traffic distribution can be generated. This approach effectively balances the network traffic dataset and enhances the overall performance of the intrusion detection model. Experimental validation was conducted using two widely utilized intrusion detection datasets, UNSW-NB15 and CIC-IDS2017. The results demonstrate that the VAE-WACGAN method effectively enhances the performance metrics of the intrusion detection model. Furthermore, the VAE-WACGAN-based intrusion detection approach surpasses several other advanced methods, underscoring its effectiveness in tackling network security challenges.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yanping Xu,Xiaoyu Zhang,Zhenliang Qiu,Xia Zhang,Jian Qiu,Hua Zhang

DOI: https://doi.org/10.1155/2021/9206440

IF: 1.968

2021-11-05

Security and Communication Networks

Abstract:Class imbalance is a common problem in network threat detection. Oversampling the minority class is regarded as a popular countermeasure by generating enough new minority samples. Generative adversarial network (GAN) is a typical generative model that can generate any number of artificial minority samples, which are close to the real data. However, it is difficult to train GAN, and the Nash equilibrium is almost impossible to achieve. Therefore, in order to improve the training stability of GAN for oversampling to detect the network threat, a convergent WGAN-based oversampling model called convergent WGAN (CWGAN) is proposed in this paper. The training process of CWGAN contains multiple iterations. In each iteration, the training epochs of the discriminator are dynamic, which is determined by the convergence of discriminator loss function in the last two iterations. When the discriminator is trained to convergence, the generator will then be trained to generate new minority samples. The experiment results show that CWGAN not only improve the training stability of WGAN on the loss smoother and closer to 0 but also improve the performance of the minority class through oversampling, which means that CWGAN can improve the performance of network threat detection.

computer science, information systems,telecommunications

Kawana Stalin,Mikias Berhanu Mekoya

2024-03-05

Abstract:Generative Adversarial Networks (GANs) have demonstrated their versatility across various applications, including data augmentation and malware detection. This research explores the effectiveness of utilizing GAN-generated data to train a model for the detection of Android malware. Given the considerable storage requirements of Android applications, the study proposes a method to synthetically represent data using GANs, thereby reducing storage demands. The proposed methodology involves creating image representations of features extracted from an existing dataset. A GAN model is then employed to generate a more extensive dataset consisting of realistic synthetic grayscale images. Subsequently, this synthetic dataset is utilized to train a Convolutional Neural Network (CNN) designed to identify previously unseen Android malware applications. The study includes a comparative analysis of the CNN's performance when trained on real images versus synthetic images generated by the GAN. Furthermore, the research explores variations in performance between the Wasserstein Generative Adversarial Network (WGAN) and the Deep Convolutional Generative Adversarial Network (DCGAN). The investigation extends to studying the impact of image size and malware obfuscation on the classification model's effectiveness. The data augmentation approach implemented in this study resulted in a notable performance enhancement of the classification model, ranging from 1.5% to 7%, depending on the dataset. The highest achieved F1 score reached 0.975.

Cryptography and Security,Artificial Intelligence

Naibo Zhu,Guangyu Zhao,Yang Yang,Han Yang,Zhi Liu

DOI: https://doi.org/10.1109/access.2023.3280421

IF: 3.9

2023-01-01

IEEE Access

Abstract:Using deep learning and machine learning techniques for network intrusion detection is of great significance for enhancing the defense capability of network security systems. Given the characteristics of generative adversarial networks, such as the approximate consistency of generated samples with the input data distribution but with a random distribution within a certain bounded interval, and in response to the problem of insufficient classification performance and detection omission caused by the imbalance of different degrees of data categories and quantities in network intrusion traffic, and in light of the fact that the effectiveness of existing classification algorithms based on unbalanced traffic data still has some room for improvement, this paper proposes a network intrusion detection strategy based on auxiliary classifier generative adversarial networks. The data expansion experiments are conducted with the intrusion detection dataset NSL-KDD. The data are classified into twenty-three categories before and after the expansion by binary classification validation. The results show that the expansion of the generated samples for unbalanced network traffic data improve the subsequent recognition effect significantly. Finally, five classification performance index verification experiments are conducted. The results prove that the strategy of this paper performs better in accuracy, precision, recall rate and F-value indexes, and is capable of obtaining a large number of features from limited samples and inferring complete data distribution based on fewer features. The model as a whole has stronger generalization ability and defense effect.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuokang Huang,Kai Lei

DOI: https://doi.org/10.1016/j.adhoc.2020.102177

IF: 4.816

2020-01-01

Ad Hoc Networks

Abstract:With the emergence of ever-advancing network threats, the guarantee of system security becomes increasingly crucial, especially in the dynamic and decentralized ad-hoc networks. One essential part of cybersecurity is intrusion detection, which identifies anomalous activities according to traffic patterns. However, the class-imbalanced data have caused a challenging problem where the number of abnormal samples is significantly lower than that of the normal ones. This class imbalance problem confines the performance of intrusion classifiers and results in low robustness to unknown anomalies. In this paper, we propose a novel Imbalanced Generative Adversarial Network (IGAN) to tackle the class imbalance problem. In the primary novelty of our model, we introduce an imbalanced data filter and convolutional layers to the typical GAN, generating new representative instances for minority classes. Further, an IGAN-based Intrusion Detection System, namely IGAN-IDS, is established to cope with class-imbalanced intrusion detection, using the instances generated by IGAN. Concretely, IGAN-IDS consists of three modules: feature extraction, IGAN, and deep neural network. First, we utilize a feed-forward neural network (FNN) to transform raw network attributes into feature vectors. Then, the IGAN generates new samples expressed in the latent space. Finally, the deep neural network, composed of convolutional layers and fully-connected layers, executes the final intrusion detection. We conduct experiments on three benchmark datasets to evaluate the performance of IGAN-IDS, comparing against 15 other methods. The experimental results demonstrate that our proposed IGAN-IDS outperforms the state-of-the-art approaches.

Mohammad Reza Abbaszadeh Bavil Soflaei,Arash Salehpour,Karim Samadzamini

DOI: https://doi.org/10.1007/s11227-024-06108-7

IF: 3.3

2024-04-12

The Journal of Supercomputing

Abstract:With the expansion of the Internet, Internet of Things devices, and related services, effective intrusion detection systems are vital in cybersecurity. This study presents a significant advancement in cybersecurity by leveraging ensemble learning techniques alongside generative adversarial networks, proposing a novel framework for network behavior classification using the UNSW-NB15 dataset. Similar to any other real-world dataset, the UNSW-NB15 dataset poses inherent challenges of data imbalance, with significantly fewer instances of intrusion compared to normal network behavior. Our main contribution to the existing literature is the introduction of a conditional tabular generative adversarial network (CTGAN), aimed at addressing the existing issue of data imbalance in the dataset. In previous approaches, this issue was often overlooked; however, the proposed framework achieves a substantial improvement in model performance by balancing this dataset. Through training three shallow binary classification algorithms (decision trees, logistic regression, and Gaussian naive Bayes) on both the CTGAN-balanced data and the original imbalanced dataset, we uncover remarkable improvements in identifying network intrusion. Our study employs a novel two-stage label-wise ensembling process, notably resulting in a final XGBoost meta-classifier. The ultimate achievement of our framework demonstrates 98% accuracy for binary classification and 95% for multi-class classification, outperforming existing state-of-the-art models. By offering a robust framework for effective intrusion detection, this work marks a substantial step forward in addressing data imbalance challenges within the UNSW-NB15 dataset.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Zhaogen Zhong,Cunxiang Xie,Xibo Tang

DOI: https://doi.org/10.1109/access.2024.3400213

IF: 3.9

2024-05-22

IEEE Access

Abstract:To solve the problem that the existing intrusion traffic detection models generally adopt machine learning algorithm and supervised deep learning algorithm, and the classification accuracy of model small samples is low, A unsupervised learning intrusion traffic classification model based on Wasserstein divergence objective for generative adversarial nets (WGAN-div) and information maximizing generative adversarial nets (Info GAN) is presented. The algorithm uses generative adversarial network to optimize the sampling of unbalanced data sets and effectively improves the feature extraction capability of small samples of the model. Firstly, the unbalanced data training set is oversampled by WGAN-div to improve the data distribution. Then, the non-data part is processed by independent thermal coding and integrated with the data part to reduce the complexity of pretreatment. Finally, the Info GAN model is used for data training. Performance evaluation and algorithm performance comparison were carried out in NSL-KDD, CICIDS2017 and UNSW-NB15 data sets. The experimental results show that the accuracy of multi-classification task is 91.1%, 97.1%, 79.9% respectively, and the accuracy of binary classification task is 90.9%, 96.9%, 86.1% respectively. Compared with the classical deep learning algorithm, the Info GAN model has higher accuracy and lower false positive rate, and has higher reliability and engineering application value.

computer science, information systems,telecommunications,engineering, electrical & electronic

Grace Deng,Cuize Han,Tommaso Dreossi,Clarence Lee,David S. Matteson

DOI: https://doi.org/10.48550/arXiv.2110.07460

2021-10-14

Abstract:Classification of large multivariate time series with strong class imbalance is an important task in real-world applications. Standard methods of class weights, oversampling, or parametric data augmentation do not always yield significant improvements for predicting minority classes of interest. Non-parametric data augmentation with Generative Adversarial Networks (GANs) offers a promising solution. We propose Imputation Balanced GAN (IB-GAN), a novel method that joins data augmentation and classification in a one-step process via an imputation-balancing approach. IB-GAN uses imputation and resampling techniques to generate higher quality samples from randomly masked vectors than from white noise, and augments classification through a class-balanced set of real and synthetic samples. Imputation hyperparameter $p_{miss}$ allows for regularization of classifier variability by tuning innovations introduced via generator imputation. IB-GAN is simple to train and model-agnostic, pairing any deep learning classifier with a generator-discriminator duo and resulting in higher accuracy for under-observed classes. Empirical experiments on open-source UCR data and proprietary 90K product dataset show significant performance gains against state-of-the-art parametric and GAN baselines.

Machine Learning

Caroline Strickland,Muhammad Zakar,Chandrika Saha,Sareh Soltani Nejad,Noshin Tasnim,Daniel J. Lizotte,Anwar Haque

DOI: https://doi.org/10.3390/s24092746

IF: 3.9

2024-04-26

Sensors

Abstract:Our increasingly connected world continues to face an ever-growing number of network-based attacks. An Intrusion Detection System (IDS) is an essential security technology used for detecting these attacks. Although numerous Machine Learning-based IDSs have been proposed for the detection of malicious network traffic, the majority have difficulty properly detecting and classifying the more uncommon attack types. In this paper, we implement a novel hybrid technique using synthetic data produced by a Generative Adversarial Network (GAN) to use as input for training a Deep Reinforcement Learning (DRL) model. Our GAN model is trained on the NSL-KDD dataset, a publicly available collection of labeled network traffic data specifically designed to support the evaluation and benchmarking of IDSs. Ultimately, our findings demonstrate that training the DRL model on synthetic datasets generated by specific GAN models can result in better performance in correctly classifying minority classes over training on the true imbalanced dataset.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Sairamvinay Vijayaraghavan,Terry Guan,Jason,Song

DOI: https://doi.org/10.48550/arXiv.2206.05840

2022-06-13

Abstract:The number of credit card fraud has been growing as technology grows and people can take advantage of it. Therefore, it is very important to implement a robust and effective method to detect such frauds. The machine learning algorithms are appropriate for these tasks since they try to maximize the accuracy of predictions and hence can be relied upon. However, there is an impending flaw where in machine learning models may not perform well due to the presence of an imbalance across classes distribution within the sample set. So, in many related tasks, the datasets have a very small number of observed fraud cases (sometimes around 1 percent positive fraud instances found). Therefore, this imbalance presence may impact any learning model's behavior by predicting all labels as the majority class, hence allowing no scope for generalization in the predictions made by the model. We trained Generative Adversarial Network(GAN) to generate a large number of convincing (and reliable) synthetic examples of the minority class that can be used to alleviate the class imbalance within the training set and hence generalize the learning of the data more effectively.

Machine Learning,Artificial Intelligence

Xiaoyu Jiang,Zhiqiang Ge

DOI: https://doi.org/10.1109/tase.2020.2998467

IF: 6.636

2020-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:The problem of fault classification in industry has been studied extensively. Most classification algorithms are modeled on the premise of data balance. However, the difficulty of collecting industrial data in different modes is quite different. This inevitably leads to data imbalance, which will adversely affect the fault classification performance. This article proposes a novel data augmentation classifier (DAC) for imbalanced fault classification. Data augmentation based on generative adversarial networks (GANs) is an effective way to solve the problem of unbalanced classification. However, the randomness of the GAN generation process restricts the effect of data enhancement. DAC proposes a data selection strategy based on data filtering and data purification in model training to solve this problem. In addition, DAC combines supervised learning and data generation processes to obtain an end-to-end model. Meanwhile, multigenerator structure of DAC (MDAC) is proposed to solve the problem of incomplete learning of a single generator when data imbalances get complicated. The proposed DAC and MDAC are applied in two fault classification cases of the Tennessee Eastman (TE) benchmark process, results of which show superiority of DAC and MDAC compared to existing methods. Note to Practitioners-Data imbalances are common in fault classification and affect the effectiveness of modeling in industry. As a generative model, generative adversarial networks (GANs) provide new ideas for small-class data augmentation. However, the instability of its training process and the randomness of data generation affect the results of data augmentation. In this article, the GAN generation process is analyzed in detail. The results of the visualization indicate that no data generation was perfect at any one time. Based on the rules of GAN data generation, we propose a data selection strategy during training. High-quality data are selected for data augmentation through data filtering and data purification. Apart from this, we combine the training process of GAN and classification model for imbalanced data to reduce modeling time. Through industrial examples, we have evaluated the effectiveness of this method.

Gaopeng Gou,Mingxin Cui,Junzheng Shi,G. Xiong,Zhen Li,Yu Guo

DOI: https://doi.org/10.1109/IJCNN52387.2021.9533942

2021-07-18

Abstract:As the mainstream in network traffic classification (NTC), machine learning (ML) based methods suffer performance degradation due to the imbalance distribution of Internet traffic. Data augmentation methods including the traditional oversampling techniques and the Generative Adversarial Network (GAN) based generation methods are most commonly used to counter the imbalance problem in NTC. However, the former is prone to overfitting and introducing noise. The latter overcomes the above weaknesses, but the quality of the generated traffic samples is difficult to judge. Besides, these methods all divide the imbalanced traffic classification problem into two subproblems, which cannot guarantee the global optimality. In this paper, we propose a GAN based Traffic Augmentation (TA-GAN) for imbalanced traffic classification. TA-GAN is an end-to-end framework that integrates the generation of the minority traffic samples with the training of the target classifier. We design the feedback mechanism to better guide the direction of the sample generation and simultaneously indicate the quality of the synthesized samples. Moreover, the existing deep learning-based NTC methods can be easily adapted to imbalance scenarios with TA-GAN. Comprehensive experiments on the public ISCXVPN2016 dataset demonstrate that TA-GAN effectively mitigates the influence of traffic imbalance (a maximum 14.64% improvement to the minority class' $F_{1}$ score) and outperforms the state-of-the-art methods.

Computer Science

Mu-Yen Chen,Hsiu-Sen Chiang,Wei-Kai Huang

DOI: https://doi.org/10.1109/tits.2022.3162395

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Rapid breakthroughs in information technologies have driven substantial developments in artificial intelligence applications, particularly the widespread use of deep learning techniques in domains such as speech, image and text recognition. However, real world data distribution applications suffer from significant problems including data imbalance which can easily lead to machine learning biased towards the side with more data, resulting in inaccurate classification or prediction results. Therefore, effectively addressing data imbalance is a pressing research topic. Generative Adversarial Networks (GAN) addresses data imbalance, but is prone to vanishing gradients. Recent work has thus focused on improving the GAN architecture to resolve this problem. The present research extends these efforts, applying C4.5, Random Forest, Support Vector Machine, K-Nearest Neighbor and Naïve Bayes classification algorithms to a single imbalanced traffic collision dataset to identify methods for improving prediction results. Experimental results show that classification performance significantly improves after data augmentation using Synthetic Minority Oversampling Technique, GAN, Conditional GAN, and Gaussian Discriminant Analysis GAN as compared with the non-augmented dataset. In addition, the Gaussian Discriminant Analysis GAN with Naïve Bayes classifier produces a dataset that optimizes classification performance for traffic accident prediction at highway intersections.

engineering, electrical & electronic,transportation science & technology, civil

Zengyu Cai,Hongyu Du,Haoqi Wang,Jianwei Zhang,Yajie Si,Pengrong Li

DOI: https://doi.org/10.3390/electronics12224653

IF: 2.9

2023-11-15

Electronics

Abstract:The imbalance between normal and attack samples in the industrial control systems (ICSs) network environment leads to the low recognition rate of the intrusion detection model for a few abnormal samples when classifying. Since traditional machine learning methods can no longer meet the needs of increasingly complex networks, many researchers use deep learning to replace traditional machine learning methods. However, when a large amount of unbalanced data is used for training, the detection performance of deep learning decreases significantly. This paper proposes an intrusion detection method for industrial control systems based on a 1D CWGAN. The 1D CWGAN is a network attack sample generation method that combines 1D CNN and WGAN. Firstly, the problem of low ICS intrusion detection accuracy caused by a few types of attack samples is analyzed. This method balances the number of various attack samples in the data set from the aspect of data enhancement to improve detection accuracy. According to the temporal characteristics of network traffic, the algorithm uses 1D convolution and 1D transposed convolution to construct the modeling framework of network traffic data of two competing networks and uses gradient penalty instead of weight cutting in the Wasserstein Generative Adversarial Network (WGAN) to generate virtual samples similar to real samples. After a large number of data sets are used for verification, the experimental results show that the method improves the classification performance of the CNN and BiSRU. For the CNN, after data balancing, the accuracy rate is increased by 0.75%, and the accuracy, recall rate and F1 are improved. Compared with the BiSRU without data processing, the accuracy of the s1D CWGAN-BiSRU is increased by 1.34%, and the accuracy, recall and F1 are increased by 7.2%, 3.46% and 5.29%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Qiankun Li,Juan Li,Yao Li,Feng Jiu,Yunxia Chu

DOI: https://doi.org/10.4018/ijitsa.343317

2024-05-10

International Journal of Information Technologies and Systems Approach

Abstract:A malicious traffic sample adaptive enhancement device based on Deep Convolutional Generative Adversarial Network (DCGAN) is designed to address the issue of imbalanced network traffic data distribution, aiming to enhance the accuracy and efficiency of anomaly detection. By leveraging generative adversarial network technology, this device can generate samples similar to real malicious traffic to balance the training dataset. It utilizes the generator and discriminator of the Deep Convolutional Generative Adversarial Network (DCGAN), combined with the residual network (ResNet) in the CNN model, to enhance the quality of generated samples. The device can switch states to adapt to various network environments and has been experimentally validated for its effectiveness and feasibility.Moreover, employing an adaptive device, the samples of malicious traffic are adjusted. Experimental analysis demonstrates that the device significantly enhances the accuracy of anomaly traffic detection, improves robustness, and provides robust support for network security protection.

Cheolhee Park,Jonghoon Lee,Youngsoo Kim,Jong-Geun Park,Hyunjin Kim,Dowon Hong

DOI: https://doi.org/10.1109/jiot.2022.3211346

IF: 10.6

2023-01-24

IEEE Internet of Things Journal

Abstract:As communication technology advances, various and heterogeneous data are communicated in distributed environments through network systems. Meanwhile, along with the development of communication technology, the attack surface has expanded, and concerns regarding network security have increased. Accordingly, to deal with potential threats, research on network intrusion detection systems (NIDSs) has been actively conducted. Among the various NIDS technologies, recent interest is focused on artificial intelligence (AI)-based anomaly detection systems, and various models have been proposed to improve the performance of NIDS. However, there still exists the problem of data imbalance, in which AI models cannot sufficiently learn malicious behavior and thus fail to detect network threats accurately. In this study, we propose a novel AI-based NIDS that can efficiently resolve the data imbalance problem and improve the performance of the previous systems. To address the aforementioned problem, we leveraged a state-of-the-art generative model that could generate plausible synthetic data for minor attack traffic. In particular, we focused on the reconstruction error and Wasserstein distance-based generative adversarial networks, and autoencoder-driven deep learning models. To demonstrate the effectiveness of our system, we performed comprehensive evaluations over various data sets and demonstrated that the proposed systems significantly outperformed the previous AI-based NIDS.