Improved bidirectional GAN-based approach for network intrusion detection using one-class classifier_CQU.pdf (1 MB)
Download fileImproved bidirectional GAN-based approach for network intrusion detection using one-class classifier
journal contribution
posted on 2022-11-22, 03:13 authored by Wen Xu, Julian Jang-Jaccard, Tong Liu, Fariza SabrinaFariza Sabrina, Jin KwakExisting generative adversarial networks (GANs), primarily used for creating fake image samples from natural images, demand a strong dependence (i.e., the training strategy of the generators and the discriminators require to be in sync) for the generators to produce as realistic fake samples that can “fool” the discriminators. We argue that this strong dependency required for GAN training
on images does not necessarily work for GAN models for network intrusion detection tasks. This is because the network intrusion inputs have a simpler feature structure such as relatively low dimension, discrete feature values, and smaller input size compared to the existing GAN-based anomaly detection tasks proposed on images. To address this issue, we propose a new Bidirectional GAN (Bi-GAN) model that is better equipped for network intrusion detection with reduced overheads involved in excessive training. In our proposed method, the training iteration of the generator (and accordingly the encoder) is increased separate from the training of the discriminator until it satisfies the condition associated with the cross-entropy loss. Our empirical results show that this proposed training strategy greatly improves the performance of both the generator and the discriminator even in the presence of imbalanced classes. In addition, our model offers a new construct of a one-class classifier using the trained encoder–discriminator. The one-class classifier detects anomalous network
traffic based on binary classification results instead of calculating expensive and complex anomaly
scores (or thresholds). Our experimental result illustrates that our proposed method is highly effective to be used in network intrusion detection tasks and outperforms other similar generative methods on two datasets: NSL-KDD and CIC-DDoS2019 datasets.
History
Volume
11Issue
6Start Page
1End Page
18Number of Pages
18eISSN
2073-431XPublisher
MDPIPublisher DOI
Full Text URL
Additional Rights
CC BY 4.0Language
enPeer Reviewed
- Yes
Open Access
- Yes
Acceptance Date
2022-05-24External Author Affiliations
Ajou University, Korea; Massey University, NZEra Eligible
- Yes