Deep Adversarial Learning in Intrusion Detection: A Data Augmentation Enhanced Framework

Intrusion detection systems (IDSs) play an important role in identifying malicious attacks and threats in networking systems. As fundamental tools of IDSs, learning based classification methods have been widely employed. When it comes to detecting network intrusions in small sample sizes (e.g., emerging intrusions), the limited number and imbalanced proportion of training samples usually cause significant challenges in training supervised and semi-supervised classifiers. In this paper, we propose a general network intrusion detection framework to address the challenges of both \emph{data scarcity} and \emph{data imbalance}. The novelty of the proposed framework focuses on incorporating deep adversarial learning with statistical learning and exploiting learning based data augmentation. Given a small set of network intrusion samples, it first derives a Poisson-Gamma joint probabilistic generative model to generate synthesised intrusion data using Monte Carlo methods. Those synthesised data are then augmented by deep generative neural networks through adversarial learning. Finally, it adopts the augmented intrusion data to train supervised models for detecting network intrusions. Comprehensive experimental validations on KDD Cup 99 dataset show that the proposed framework outperforms the existing learning based IDSs in terms of improved accuracy, precision, recall, and F1-score.

[1]  W. Marsden I and J , 2012 .

[2]  Mounir Ghogho,et al.  Deep learning approach for Network Intrusion Detection in Software Defined Networking , 2016, 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM).

[3]  Stochastic Relaxation , 2014, Computer Vision, A Reference Guide.

[4]  Li Ling Ko,et al.  Anomaly Detection and Attribution in Networks With Temporally Correlated Traffic , 2018, IEEE/ACM Transactions on Networking.

[5]  Chih-Min Lin,et al.  Generative Adversarial Nets in Robotic Chinese Calligraphy , 2018, 2018 IEEE International Conference on Robotics and Automation (ICRA).

[6]  David G. Stork,et al.  Pattern Classification , 1973 .

[7]  Xingrui Yu,et al.  MCMC Based Generative Adversarial Networks for Handwritten Numeral Augmentation , 2017, CSPS.

[8]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[9]  Francis Minhthang Bui,et al.  A Game-Theoretic Framework for Robust Optimal Intrusion Detection in Wireless Sensor Networks , 2014, IEEE Transactions on Information Forensics and Security.

[10]  Jasmin Kevric,et al.  An effective combining classifier approach using tree algorithms for network intrusion detection , 2017, Neural Computing and Applications.

[11]  G. C. Wei,et al.  A Monte Carlo Implementation of the EM Algorithm and the Poor Man's Data Augmentation Algorithms , 1990 .

[12]  Mansoor Alam,et al.  A Deep Learning Approach for Network Intrusion Detection System , 2016, EAI Endorsed Trans. Security Safety.

[13]  Geoffrey E. Hinton,et al.  On the importance of initialization and momentum in deep learning , 2013, ICML.

[14]  Seung Woo Son,et al.  Network intrusion detection using word embeddings , 2017, 2017 IEEE International Conference on Big Data (Big Data).

[15]  R. Stephenson A and V , 1962, The British journal of ophthalmology.

[16]  Neil Genzlinger A. and Q , 2006 .

[17]  Eric Torng,et al.  Overlay Automata and Algorithms for Fast and Scalable Regular Expression Matching , 2016, IEEE/ACM Transactions on Networking.

[18]  Mario Lefebvre,et al.  Applied Stochastic Processes , 2006 .

[19]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[20]  Nitish Srivastava,et al.  Dropout: a simple way to prevent neural networks from overfitting , 2014, J. Mach. Learn. Res..

[21]  M. A. Jabbar,et al.  Random Forest Modeling for Network Intrusion Detection System , 2016 .

[22]  Peter Green,et al.  Markov chain Monte Carlo in Practice , 1996 .

[23]  David G. Stork,et al.  Pattern Classification (2nd ed.) , 1999 .

[24]  Yu-Lin He,et al.  Fuzziness based semi-supervised learning approach for intrusion detection system , 2017, Inf. Sci..

[25]  Qi Shi,et al.  A Deep Learning Approach to Network Intrusion Detection , 2018, IEEE Transactions on Emerging Topics in Computational Intelligence.

[26]  Jiajun Wu,et al.  Learning a Probabilistic Latent Space of Object Shapes via 3D Generative-Adversarial Modeling , 2016, NIPS.

[27]  Geyong Min,et al.  Time Series Anomaly Detection for Trustworthy Services in Cloud Computing Systems , 2017, IEEE Transactions on Big Data.

[28]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[29]  Kevin P. Murphy,et al.  Machine learning - a probabilistic perspective , 2012, Adaptive computation and machine learning series.

[30]  Léon Bottou,et al.  Towards Principled Methods for Training Generative Adversarial Networks , 2017, ICLR.

[31]  Bo Li,et al.  The intrusion detection in mobile sensor network , 2012, TNET.

[32]  Wolfgang Banzhaf,et al.  The use of computational intelligence in intrusion detection systems: A review , 2010, Appl. Soft Comput..