Evaluating the impact of generative adversarial models on the performance of anomaly intrusion detection

Abstract

With the increasing rate and types of cyber attacks against information systems and communication infrastructures, many tools are needed to detect and mitigate against such attacks, for example, Intrusion Detection Systems (IDSs). Unfortunately, traditional Signature-based IDSs (SIDSs) perform poorly against previously unseen adversarial attacks. Anomaly-based IDSs (AIDSs) use Machine Learning (ML) and Deep Learning (DL) approaches to overcome these limitations. However, AIDS performance can be poor when trained on imbalanced datasets. To address the challenge of AIDS performance caused by these unbalanced training datasets, generative adversarial models are proposed to obtain adversarial attacks from one side and analyse their quality from another. According to extensive usage and reliability criteria for generative adversarial models in different disciplines, Generative Adversarial Networks (GANs), Bidirectional GAN (BiGAN), and Wasserstein GAN (WGAN) are employed to serve AIDS. The authors have extensively assessed their abilities and robustness to deliver high-quality attacks for AIDS. AIDSs are constructed, trained, and tuned based on these models to measure their impacts. The authors have employed two datasets: NSL-KDD and CICIDS-2017 for generalisation purposes, where ML and DL approaches are utilised to implement AIDSs. Their results show that the WGAN model outperformed GANs and BiGAN models in binary and multiclass classifications for both datasets.