
Impact of Generative Adversarial Networks on NetFlow-Based Traffic Classification

  • Conference paper
13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020) (CISIS 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1267)


Abstract

Long Short-Term Memory (LSTM) networks can process sequential information and are a promising approach towards self-learning intrusion detection methods. Yet, this approach requires huge amounts of labeled training data with recent and realistic behavior, and such data is barely available. This paper analyzes whether the use of Generative Adversarial Networks (GANs) can improve the quality of LSTM classifiers on flow-based network data. GANs provide an opportunity to generate synthetic but realistic data without creating exact copies. The classification objective is to separate flow-based network data into normal behavior and anomalies. To that end, we build a transformation process for the underlying data and develop a baseline LSTM classifier and a GAN-based model called LSTM-WGAN-GP. We investigate the effect of training the LSTM classifier only on real-world data and training the LSTM-WGAN-GP on real and synthesized data. An experimental evaluation using the CIDDS-001 and ISCX Botnet data sets shows a general improvement in terms of Accuracy and F1-Score, while maintaining identical low False Positive Rates.

Notes

  1. The malicious IPs are listed at: https://www.unb.ca/cic/datasets/botnet.html.

Acknowledgements

This work is funded by the Bavarian Ministry for Economic affairs through the OBLEISK project. Further, we gratefully acknowledge the support of NVIDIA Corporation with the donation of the Titan Xp GPU used for this research.

Author information

Corresponding author

Correspondence to Maximilian Wolf.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wolf, M., Ring, M., Landes, D. (2021). Impact of Generative Adversarial Networks on NetFlow-Based Traffic Classification. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_37
