GAN augmentation to deal with imbalance in imaging-based intrusion detection

Nowadays attacks on computer networks continue to advance at a rate outpacing cyber defenders' ability to write new attack signatures. This paper illustrates a deep learning methodology for the binary classification of the network traffic. The basic idea is to represent network flows as 2D images and use this imagery representation of the network traffic to train a Generative Adversarial Network (GAN) and a Convolutional Neural Network (CNN). The GAN is trained to produce new images of unforeseen network attacks by augmenting the training data used to learn a CNN-based intrusion detection model. The advantage is that the 2D data mapping technique used builds images of the network flows, which allow us to take advantage of deep learning architectures with convolution layers. In addition, the GAN-based data augmentation allows us to deal with the possible imbalance of malicious traffic that is commonly rarer than the normal traffic in the network traffic. Specifically, it is used to simulate unforeseen attacks to train a robust intrusion detection model. The proposed methodology leads to better predictive accuracy when compared to competitive intrusion detection architectures on four benchmark datasets. (C) 2021 Published by Elsevier B.V.

Automated summary

This paper presents a deep learning methodology for binary classification of network traffic by representing network flows as 2D images and using Generative Adversarial Networks (GAN) and Convolutional Neural Networks (CNN). The GAN is trained to generate new images of unforeseen network attacks to augment training data for a CNN-based intrusion detection model, leading to better predictive accuracy.