Nowadays attacks on computer networks continue to advance at a rate outpacing cyber defenders’ ability to write new attack signatures. This paper illustrates a deep learning methodology for the binary classification of the network traffic. The basic idea is to represent network flows as 2D images and use this imagery representation of the network traffic to train a Generative Adversarial Network (GAN) and a Convolutional Neural Network (CNN). The GAN is trained to produce new images of unforeseen network attacks by augmenting the training data used to learn a CNN-based intrusion detection model. The advantage is that the 2D data mapping technique used builds images of the network flows, which allow us to take advantage of deep learning architectures with convolution layers. In addition, the GAN-based data augmentation allows us to deal with the possible imbalance of malicious traffic that is commonly rarer than the normal traffic in the network traffic. Specifically, it is used to simulate unforeseen attacks to train a robust intrusion detection model. The proposed methodology leads to better predictive accuracy when compared to competitive intrusion detection architectures on four benchmark datasets.
GAN augmentation to deal with imbalance in imaging-based intrusion detection
Andresini G.
;Appice A.;De Rose L.;Malerba D.
2021-01-01
Abstract
Nowadays attacks on computer networks continue to advance at a rate outpacing cyber defenders’ ability to write new attack signatures. This paper illustrates a deep learning methodology for the binary classification of the network traffic. The basic idea is to represent network flows as 2D images and use this imagery representation of the network traffic to train a Generative Adversarial Network (GAN) and a Convolutional Neural Network (CNN). The GAN is trained to produce new images of unforeseen network attacks by augmenting the training data used to learn a CNN-based intrusion detection model. The advantage is that the 2D data mapping technique used builds images of the network flows, which allow us to take advantage of deep learning architectures with convolution layers. In addition, the GAN-based data augmentation allows us to deal with the possible imbalance of malicious traffic that is commonly rarer than the normal traffic in the network traffic. Specifically, it is used to simulate unforeseen attacks to train a robust intrusion detection model. The proposed methodology leads to better predictive accuracy when compared to competitive intrusion detection architectures on four benchmark datasets.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
