Abstract
As attacks on the Internet grow more sophisticated, especially in IoT, 5G, and vehicle networking, robust Network Intrusion Detection Systems (NIDS) have gained increasing attention from academic and industrial communities. Anomaly-based intrusion detection algorithms aim to detect unexpected deviations from expected network behaviour, and can therefore detect unknown or novel attacks, unlike signature-based methods. Deep Anomaly Detection (DAD) technologies have attracted much attention for their ability to detect unknown attacks without manually building traffic behaviour profiles. However, low recall rates and a heavy dependence on data labels still hinder the development of DAD technologies. Inspired by the success of Generative Adversarial Networks (GANs) at detecting anomalies in the area of computer vision and images, we propose a deep end-to-end architecture called FlowADGAN for detecting anomalies in NIDS. Unlike traditional GAN-based NIDS methods, which usually construct the Generator (G) and Discriminator (D) from a vanilla GAN, the proposed architecture is composed of a flow encoder-decoder-encoder for G and a flow encoder for D. FlowADGAN can learn a latent flow feature space of G so that the latent space better captures the normality underlying the network traffic data. We conduct several experimental comparisons with existing machine learning algorithms such as One-Class SVM, LOF, and PCA, and with existing deep learning methods, including AutoEncoder and VAE, on three public datasets: NSL-KDD, CICIDS2017, and UNSW-NB15. The evaluation results show that FlowADGAN can significantly improve the performance of anomaly-based NIDS.
Acknowledgment
This work was supported by the National Science Foundation of China (61972211) and the National Key R&D Program of China.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, P., Li, Z., Zhou, X., Su, C., Wang, W. (2023). FlowADGAN: Adversarial Learning for Deep Anomaly Network Intrusion Detection. In: Lenzini, G., Meng, W. (eds) Security and Trust Management. STM 2022. Lecture Notes in Computer Science, vol 13867. Springer, Cham. https://doi.org/10.1007/978-3-031-29504-1_9
DOI: https://doi.org/10.1007/978-3-031-29504-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-29503-4
Online ISBN: 978-3-031-29504-1
eBook Packages: Computer Science, Computer Science (R0)