Article

Development of a Machine-Learning Intrusion Detection System and Testing of Its Performance Using a Generative Adversarial Network

Journal

SENSORS
Volume 23, Issue 3

Publisher

MDPI
DOI: 10.3390/s23031315

Keywords

generative adversarial network; intrusion detection system; intrusion evasion; machine learning; NSL-KDD dataset; Python

Intrusion detection and prevention are crucial in network security infrastructure. Machine learning-based IDSs have been developed to detect malicious traffic that may evade traditional rules. This study focused on an IDS model using multiple algorithms and trained it using the NSL-KDD dataset. Adversarial instances of network traffic were created using a generative adversarial network (GAN) to test the IDS performance, and the results showed that using adversarial traffic improved the machine learning-based IDS performance even against traffic that could evade detection.

Intrusion detection and prevention are two of the most important issues to solve in network security infrastructure. Intrusion detection systems (IDSs) protect networks by using patterns to detect malicious traffic. As attackers have tried to dissimulate traffic in order to evade the rules applied, several machine learning-based IDSs have been developed. In this study, we focused on one such model involving several algorithms and used the NSL-KDD dataset as a benchmark to train and evaluate its performance. We demonstrate a way to create adversarial instances of network traffic that can be used to evade detection by a machine learning-based IDS. Moreover, this traffic can be used for training in order to improve performance in the case of new attacks. Thus, a generative adversarial network (GAN), i.e., an architecture based on a deep-learning algorithm capable of creating generative models, was implemented. Furthermore, we tested the IDS performance using the generated adversarial traffic. The results showed that, even in the case of the GAN-generated traffic (which could successfully evade IDS detection), by using the adversarial traffic in the testing process, we could improve the machine learning-based IDS performance.