GAN augmentation to deal with imbalance in imaging-based intrusion detection

Andresini G.; Appice A.; De Rose L.; Malerba D.
2021-01-01

Abstract

Nowadays, attacks on computer networks continue to advance at a rate outpacing cyber defenders’ ability to write new attack signatures. This paper illustrates a deep learning methodology for the binary classification of network traffic. The basic idea is to represent network flows as 2D images and use this imagery representation of the network traffic to train a Generative Adversarial Network (GAN) and a Convolutional Neural Network (CNN). The GAN is trained to produce new images of unforeseen network attacks, augmenting the training data used to learn a CNN-based intrusion detection model. The advantage is that the 2D data mapping technique builds images of the network flows, which allows us to take advantage of deep learning architectures with convolution layers. In addition, the GAN-based data augmentation allows us to deal with the possible imbalance of malicious traffic, which is commonly rarer than normal traffic in the network. Specifically, it is used to simulate unforeseen attacks to train a robust intrusion detection model. The proposed methodology leads to better predictive accuracy when compared to competitive intrusion detection architectures on four benchmark datasets.

Files in this record:

1-s2.0-S0167739X21001382-main.pdf
Availability: not available
Type: Publisher's version
License: NOT PUBLIC - Private/restricted access
Size: 2.1 MB
Format: Adobe PDF

MAGNETO (1).pdf
Availability: open access
Type: Pre-print
License: Creative Commons
Size: 1.44 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11586/380665
Citations
  • PMC: ND
  • Scopus: 99
  • ISI: 71