利用GAN提高NIDS攻击检测性能

2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC) Pub Date : 2020-07-01 DOI:10.1109/COMPSAC48688.2020.0-162

Dongyang Li, Daisuke Kotani, Y. Okabe

{"title":"利用GAN提高NIDS攻击检测性能","authors":"Dongyang Li, Daisuke Kotani, Y. Okabe","doi":"10.1109/COMPSAC48688.2020.0-162","DOIUrl":null,"url":null,"abstract":"Nowadays, various methods are proposed to build effective anomaly-based Network Intrusion Detection System (NIDS). However, malicious packets are extremely less than normal packets and this class imbalance problem will result in low performance of attack detection. In this study, we have proposed a new hybrid oversampling model using GAN to improve attack detection performance in anomaly-based NIDS. It contains three main steps: feature extraction by Information Gain and PCA, data clustering by DBSCAN and data generation by WGAN-DIV. For performance evaluation, three HTTP only datasets: NSL-KDD-HTTP, UNSW-NB15-HTTP and Kyoto2006-Plus-HTTP are used. Six machine learning methods are utilized as anomaly-based NIDS and SMOTE is also used for comparison. Our model with XGBoost has achieved best F1-score in these three datasets from the results.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Improving Attack Detection Performance in NIDS Using GAN\",\"authors\":\"Dongyang Li, Daisuke Kotani, Y. Okabe\",\"doi\":\"10.1109/COMPSAC48688.2020.0-162\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Nowadays, various methods are proposed to build effective anomaly-based Network Intrusion Detection System (NIDS). However, malicious packets are extremely less than normal packets and this class imbalance problem will result in low performance of attack detection. In this study, we have proposed a new hybrid oversampling model using GAN to improve attack detection performance in anomaly-based NIDS. It contains three main steps: feature extraction by Information Gain and PCA, data clustering by DBSCAN and data generation by WGAN-DIV. For performance evaluation, three HTTP only datasets: NSL-KDD-HTTP, UNSW-NB15-HTTP and Kyoto2006-Plus-HTTP are used. Six machine learning methods are utilized as anomaly-based NIDS and SMOTE is also used for comparison. Our model with XGBoost has achieved best F1-score in these three datasets from the results.\",\"PeriodicalId\":430098,\"journal\":{\"name\":\"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)\",\"volume\":\"35 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/COMPSAC48688.2020.0-162\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMPSAC48688.2020.0-162","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

目前，为了构建有效的基于异常的网络入侵检测系统(NIDS)，提出了多种方法。但是，恶意报文的数量远远少于正常报文，这种类不平衡问题会导致攻击检测的性能下降。在这项研究中，我们提出了一种新的混合过采样模型，使用GAN来提高基于异常的NIDS的攻击检测性能。它包括三个主要步骤:信息增益和主成分分析的特征提取，DBSCAN的数据聚类和WGAN-DIV的数据生成。为了进行性能评估，我们使用了三个仅HTTP的数据集:NSL-KDD-HTTP, UNSW-NB15-HTTP和kyoto - 2006- plus -HTTP。使用六种机器学习方法作为基于异常的NIDS，并使用SMOTE进行比较。从结果来看，我们使用XGBoost的模型在这三个数据集中获得了最好的f1分数。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improving Attack Detection Performance in NIDS Using GAN

Nowadays, various methods are proposed to build effective anomaly-based Network Intrusion Detection System (NIDS). However, malicious packets are extremely less than normal packets and this class imbalance problem will result in low performance of attack detection. In this study, we have proposed a new hybrid oversampling model using GAN to improve attack detection performance in anomaly-based NIDS. It contains three main steps: feature extraction by Information Gain and PCA, data clustering by DBSCAN and data generation by WGAN-DIV. For performance evaluation, three HTTP only datasets: NSL-KDD-HTTP, UNSW-NB15-HTTP and Kyoto2006-Plus-HTTP are used. Six machine learning methods are utilized as anomaly-based NIDS and SMOTE is also used for comparison. Our model with XGBoost has achieved best F1-score in these three datasets from the results.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)

自引率

0.00%

发文量