FlowADGAN: Adversarial Learning for Deep Anomaly Network Intrusion Detection

  • Conference paper
Security and Trust Management (STM 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13867)

Abstract

Due to increasingly evolving attacks on the Internet, especially in IoT, 5G, and vehicle networking, robust Network Intrusion Detection Systems (NIDS) have gained increasing attention from academic and industrial communities. Anomaly-based intrusion detection algorithms aim to detect unexpected deviations from expected network behaviour, and can thus detect unknown or novel attacks, unlike signature-based methods. Deep Anomaly Detection (DAD) technologies have attracted much attention for their ability to detect unknown attacks without manually building traffic behaviour profiles. However, low recall rates and a high dependence on data labels still hinder the development of DAD technologies. Inspired by the success of Generative Adversarial Networks (GANs) at detecting anomalies in computer vision and images, we propose a deep end-to-end architecture called FlowADGAN for detecting anomalies in NIDS. Unlike traditional GAN-based NIDS methods, which usually construct the Generator (G) and Discriminator (D) from a vanilla GAN, the proposed architecture is composed of a flow encoder-decoder-encoder for G and a flow encoder for D. FlowADGAN can learn a latent flow feature space of G so that the latent space better captures the normality underlying the network traffic data. We conduct several experimental comparisons with existing machine learning algorithms such as One-Class SVM, LOF, and PCA, and with existing deep learning methods, including AutoEncoder and VAE, on three public datasets: NSL-KDD, CICIDS2017, and UNSW-NB15. The evaluation results show that FlowADGAN can significantly improve the performance of anomaly-based NIDS.

Acknowledgment

This work was supported by the National Science Foundation of China (61972211) and the National Key R&D Program of China.

Author information

Corresponding author

Correspondence to Pan Wang.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, P., Li, Z., Zhou, X., Su, C., Wang, W. (2023). FlowADGAN: Adversarial Learning for Deep Anomaly Network Intrusion Detection. In: Lenzini, G., Meng, W. (eds) Security and Trust Management. STM 2022. Lecture Notes in Computer Science, vol 13867. Springer, Cham. https://doi.org/10.1007/978-3-031-29504-1_9

  • DOI: https://doi.org/10.1007/978-3-031-29504-1_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-29503-4

  • Online ISBN: 978-3-031-29504-1

  • eBook Packages: Computer Science, Computer Science (R0)
