Improved bidirectional GAN-based approach for network intrusion detection using one-class classifier_CQU.pdf (1 MB)
Download file

Improved bidirectional GAN-based approach for network intrusion detection using one-class classifier

Download (1 MB)
journal contribution
posted on 22.11.2022, 03:13 authored by Wen Xu, Julian Jang-Jaccard, Tong Liu, Fariza SabrinaFariza Sabrina, Jin Kwak
Existing generative adversarial networks (GANs), primarily used for creating fake image samples from natural images, demand a strong dependence (i.e., the training strategy of the generators and the discriminators require to be in sync) for the generators to produce as realistic fake samples that can “fool” the discriminators. We argue that this strong dependency required for GAN training on images does not necessarily work for GAN models for network intrusion detection tasks. This is because the network intrusion inputs have a simpler feature structure such as relatively low dimension, discrete feature values, and smaller input size compared to the existing GAN-based anomaly detection tasks proposed on images. To address this issue, we propose a new Bidirectional GAN (Bi-GAN) model that is better equipped for network intrusion detection with reduced overheads involved in excessive training. In our proposed method, the training iteration of the generator (and accordingly the encoder) is increased separate from the training of the discriminator until it satisfies the condition associated with the cross-entropy loss. Our empirical results show that this proposed training strategy greatly improves the performance of both the generator and the discriminator even in the presence of imbalanced classes. In addition, our model offers a new construct of a one-class classifier using the trained encoder–discriminator. The one-class classifier detects anomalous network traffic based on binary classification results instead of calculating expensive and complex anomaly scores (or thresholds). Our experimental result illustrates that our proposed method is highly effective to be used in network intrusion detection tasks and outperforms other similar generative methods on two datasets: NSL-KDD and CIC-DDoS2019 datasets.

History

Volume

11

Issue

6

Start Page

1

End Page

18

Number of Pages

18

eISSN

2073-431X

Publisher

MDPI

Additional Rights

CC BY 4.0

Language

en

Peer Reviewed

Yes

Open Access

Yes

Acceptance Date

24/05/2022

External Author Affiliations

Ajou University, Korea; Massey University, NZ

Era Eligible

Yes

Journal

Computers

Article Number

85