GAN-based method for cyber-intrusion detection

Ubiquitous cyber-intrusions endanger the security of our devices constantly. They may bring irreversible damages to the system and cause leakage of privacy. Thus, it is of vital importance to promptly detect these intrusions. Traditional methods such as Decision Trees and Support Vector Machine (SVM) are used to classify normal internet connections and cyber-intrusions. However, the intrusions are largely fewer than normal connections, which limits the capability of these methods. Anomaly detection methods such as Isolation Forest can handle the imbalanced data. Nevertheless, when the features of data increase, these methods lack enough ability to learn the distribution. Generative adversarial network (GAN) has been proposed to solve the above issues. With its strong generative ability, it only needs to learn the distribution of normal status, and identify the abnormal status when intrusion occurs. But existing models are not suitable to process discrete values, leading to immense degradation of detection performance. To cope with these challenges, in this paper, we propose a novel GAN-based model with specifically-designed loss function to detect cyber-intrusions. Experiment results show that our model outperforms state-of-the-art models and remarkably reduce the overhead.

[1]  Tim Bass,et al.  Intrusion detection systems and multisensor data fusion , 2000, CACM.

[2]  Jianhua Lin,et al.  Divergence measures based on the Shannon entropy , 1991, IEEE Trans. Inf. Theory.

[3]  Chuan Sheng Foo,et al.  Efficient GAN-Based Anomaly Detection , 2018, ArXiv.

[4]  拓海 杉山,et al.  “Unpaired Image-to-Image Translation using Cycle-Consistent Adversarial Networks”の学習報告 , 2017 .

[5]  J. Ross Quinlan,et al.  Induction of Decision Trees , 1986, Machine Learning.

[6]  M. Sadiq Ali Khan,et al.  Rule based Network Intrusion Detection using Genetic Algorithm , 2011 .

[7]  Ian J. Goodfellow,et al.  NIPS 2016 Tutorial: Generative Adversarial Networks , 2016, ArXiv.

[8]  Leyla Bilge,et al.  Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains , 2014, TSEC.

[9]  Erhan Guven,et al.  A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection , 2016, IEEE Communications Surveys & Tutorials.

[10]  J. Ross Quinlan,et al.  C4.5: Programs for Machine Learning , 1992 .

[11]  V. Rao Vemuri,et al.  Robust Support Vector Machines for Anomaly Detection in Computer Security , 2003, ICMLA.

[12]  Misty K. Blowers,et al.  Machine Learning Applied to Cyber Operations , 2014, Network Science and Cybersecurity.

[13]  Zhi-Hua Zhou,et al.  Isolation Forest , 2008, 2008 Eighth IEEE International Conference on Data Mining.

[14]  Ing-Ray Chen,et al.  A survey of intrusion detection techniques for cyber-physical systems , 2014, ACM Comput. Surv..

[15]  Georg Langs,et al.  Unsupervised Anomaly Detection with Generative Adversarial Networks to Guide Marker Discovery , 2017, IPMI.

[16]  Yu Cheng,et al.  Deep Structured Energy Based Models for Anomaly Detection , 2016, ICML.

[17]  Hans-Peter Kriegel,et al.  LOF: identifying density-based local outliers , 2000, SIGMOD '00.

[18]  Yoshua Bengio,et al.  Generative Adversarial Networks , 2014, ArXiv.

[19]  Wojciech Zaremba,et al.  Improved Techniques for Training GANs , 2016, NIPS.

[20]  Trevor Darrell,et al.  Adversarial Feature Learning , 2016, ICLR.

[21]  Soumith Chintala,et al.  Unsupervised Representation Learning with Deep Convolutional Generative Adversarial Networks , 2015, ICLR.

[22]  Francisco J. Prieto,et al.  Multivariate Outlier Detection and Robust Covariance Matrix Estimation , 2001, Technometrics.