Improving intrusion detection system performance using generative adversarial networks architecture
Detecting attacks based on their behaviour is challenging for security defence mechanisms, including Anomaly Intrusion Detection Systems (AIDSes), due to the attacks' behaviours, their numbers, and the architecture used in AIDSes. Lack of information about attacks and their imbalance in datasets leads to limited performance in AIDSes. This research applied generative adversarial models to obtain more attacks and evaluate their quality to build efficient AIDSes against rare and unseen attacks. Specifically, Generative Adversarial Networks (GANs), Bidirectional Generative Adversarial Networks (BiGAN) and Wasserstein Generative Adversarial Networks (WGAN) were applied and evaluated on two popular datasets (NSL-KDD and CICIDS-2017) to identify these models' limitations and propose new ones. The proposed models were the Enhanced-Bidirectional Generative Adversarial Network (E-BiGAN) and the AutoEncoder-Wasserstein Generative Adversarial Network (AE-WGAN), which improved Anomaly Intrusion Detection System (AIDS) performance. The suggested models produce realistic attacks by learning from attack classes to build efficient AIDSes against new and unseen attacks. The results indicate a significant enhancement for some attack classes, where the AIDSes delivered the best performance in evaluation metric scores. The study found that the generative model cannot produce high-quality attacks for all classes because minor attacks have few samples, which resulted in limited attack quality and limited impact on AIDS performance. For a comprehensive study, the architecture types used in the AIDS include popular Deep Learning (DL) classifiers: Convolution Neural Network (CNN), Gated Recurrent Unit (GRU), Long Short-Term Memory (LSTM), and Recurrent Neural Network (RNN). The study provides important insights into AIDS-related factors, which are affected by the nature of the attacks, the dataset used to train the AIDS, and the classification type used to train the AIDS.
The research recommends considering all of the mentioned factors when building a robust AIDS. Finally, the proposed models were tested on the CSE-CIC-IDS2018 dataset for further validation, where the results showed that their performance is better than that of traditional generative models (BiGAN, WGAN).
History
School
- Science
Department
- Computer Science
Publisher
Loughborough University
Rights holder
© Mohammad Emad Mustafa Arafah
Publication date
2023
Notes
A Doctoral Thesis. Submitted in partial fulfilment of the requirements for the award of the degree of Doctor of Philosophy of Loughborough University.
Language
- en
Supervisor(s)
Iain Phillips ; Asma Adnane
Qualification name
- PhD
Qualification level
- Doctoral
This submission includes a signed certificate in addition to the thesis file(s)
- I have submitted a signed certificate