SPE-ACGAN: A Resampling Approach for Class Imbalance Problem in Network Intrusion Detection Systems

Network Intrusion Detection Systems (NIDSs) play a vital role in detecting and stopping network attacks. However, the prevalent imbalance of training samples in network traffic interferes with NIDS detection performance. This paper proposes a resampling method based on Self-Paced Ensemble and Auxiliary Classifier Generative Adversarial Networks (SPE-ACGAN) to address the imbalance problem of sample classes. To deal with the class imbalance problem, SPE-ACGAN oversamples the minority class samples by ACGAN and undersamples the majority class samples by SPE. In addition, we merged the CICIDS-2017 dataset and the CICIDS-2018 dataset into a more imbalanced dataset named CICIDS-17-18 and validated the effectiveness of the proposed method using the three datasets mentioned above. SPE-ACGAN is more effective than other resampling methods in improving NIDS detection performance. In particular, SPE-ACGAN improved the F1-score of Random Forest, CNN, GoogLeNet, and CNN + WDLSTM by 5.59%, 3.75%, 3.60%, and 3.56% after resampling.

[1]  Dowon Hong,et al.  An Enhanced AI-Based Network Intrusion Detection System Using Generative Adversarial Networks , 2023, IEEE Internet of Things Journal.

[2]  Zhendong Wang,et al.  Network Intrusion Detection Model Based on Improved BYOL Self-Supervised Learning , 2021, Security and Communication Networks.

[3]  Punam Bedi,et al.  I-SiamIDS: an improved Siam-IDS for handling class imbalance in network-based intrusion detection systems , 2020, Appl. Intell..

[4]  Wei Shi,et al.  AESMOTE: Adversarial Reinforcement Learning With SMOTE for Anomaly Detection , 2020, IEEE Transactions on Network Science and Engineering.

[5]  Giancarlo Fortino,et al.  A hybrid deep learning model for efficient intrusion detection in big data environment , 2020, Inf. Sci..

[6]  J. Miguel-Alonso,et al.  Survey of Network Intrusion Detection Methods From the Perspective of the Knowledge Discovery in Databases Process , 2020, IEEE Transactions on Network and Service Management.

[7]  JooHwa Lee,et al.  AE-CGAN Model based High Performance Network Intrusion Detection System , 2019, Applied Sciences.

[8]  Tie-Yan Liu,et al.  Self-paced Ensemble for Highly Imbalanced Massive Data Classification , 2019, 2020 IEEE 36th International Conference on Data Engineering (ICDE).

[9]  Robert A. Bridges,et al.  Situ: Identifying and Explaining Suspicious Behavior in Networks , 2019, IEEE Transactions on Visualization and Computer Graphics.

[10]  Guodong Han,et al.  LA-GRU: Building Combined Intrusion Detection Model Based on Imbalanced Learning and Gated Recurrent Unit Neural Network , 2018, Secur. Commun. Networks.

[11]  Michele Colajanni,et al.  On the effectiveness of machine and deep learning for cyber security , 2018, 2018 10th International Conference on Cyber Conflict (CyCon).

[12]  Kai Huang,et al.  Intrusion Detection Using Convolutional Neural Networks for Representation Learning , 2017, ICONIP.

[13]  Luiz Eduardo Soares de Oliveira,et al.  Toward a reliable anomaly-based intrusion detection in real-world environments , 2017, Comput. Networks.

[14]  Jaime Lloret,et al.  Conditional Variational Autoencoder for Prediction and Feature Recovery Applied to Intrusion Detection in IoT , 2017, Sensors.

[15]  Jonathon Shlens,et al.  Conditional Image Synthesis with Auxiliary Classifier GANs , 2016, ICML.

[16]  Longbing Cao,et al.  Training deep neural networks on imbalanced data sets , 2016, 2016 International Joint Conference on Neural Networks (IJCNN).

[17]  Jugal K. Kalita,et al.  A multi-step outlier-based anomaly detection approach to network-wide traffic , 2016, Inf. Sci..

[18]  Charu C. Aggarwal,et al.  Data Mining: The Textbook , 2015 .

[19]  Pascal Vincent,et al.  Contractive Auto-Encoders: Explicit Invariance During Feature Extraction , 2011, ICML.

[20]  Josef Kittler,et al.  A Multiple Expert Approach to the Class Imbalance Problem Using Inverse Random under Sampling , 2009, MCS.

[21]  L. Breiman Random Forests , 2001, Encyclopedia of Machine Learning and Data Mining.

[22]  Mohammad Mozumdar,et al.  A Novel Intrusion Detection Model for Detecting Known and Innovative Cyberattacks Using Convolutional Neural Network , 2021, IEEE Open Journal of the Computer Society.

[23]  Donato Malerba,et al.  GAN augmentation to deal with imbalance in imaging-based intrusion detection , 2021, Future Gener. Comput. Syst..

[24]  Adel Binbusayyis,et al.  Enhanced Deep Autoencoder Based Feature Representation Learning for Intelligent Intrusion Detection System , 2021, Computers, Materials & Continua.

[25]  Punam Bedi,et al.  Siam-IDS: Handling class imbalance problem in Intrusion Detection Systems using Siamese Neural Network , 2020 .

[26]  Jinlin Wang,et al.  A GBDT-Paralleled Quadratic Ensemble Learning for Intrusion Detection System , 2020, IEEE Access.

[27]  Miad Faezipour,et al.  Deep and Machine Learning Approaches for Anomaly-Based Intrusion Detection of Imbalanced Network Traffic , 2019, IEEE Sensors Letters.

[28]  Ali A. Ghorbani,et al.  Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization , 2018, ICISSP.

[29]  Kehe Wu,et al.  A Novel Intrusion Detection Model for a Massive Network Using Convolutional Neural Networks , 2018, IEEE Access.

[30]  Charu C. Aggarwal,et al.  Data Mining , 2015, Springer International Publishing.

[31]  Emin Anarim,et al.  An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks , 2005, Expert Syst. Appl..

[32]  M. Shyu,et al.  A Novel Anomaly Detection Scheme Based on Principal Component Classifier , 2003 .