Visible to the public Addressing Imbalanced Data Problem with Generative Adversarial Network For Intrusion Detection

TitleAddressing Imbalanced Data Problem with Generative Adversarial Network For Intrusion Detection
Publication TypeConference Paper
Year of Publication2020
AuthorsYilmaz, I., Masum, R., Siraj, A.
Conference Name2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI)
Keywordsadversarial samples, attack detection, attack labels, balanced attack sample dataset, benign data, classification, compositionality, Cyber Attacks, Data models, data wrangling, defense mechanisms, Gallium nitride, Generative Adversarial Learning, generative adversarial network, Generative Adversarial Network (GAN), generative adversarial networks, Generators, imbalanced data problem, Imbalanced dataset, Information Reuse and Security, Intrusion detection, learning (artificial intelligence), machine learning, MLP Neural Network, Multilayer Perceptron, multilayer perceptrons, network security., Neural network (NN), Neural networks, pattern classification, Predictive Metrics, pubcrawl, Resiliency, Scalability, security of data, Training, UGR16 dataset

Machine learning techniques help to understand underlying patterns in datasets to develop defense mechanisms against cyber attacks. Multilayer Perceptron (MLP) technique is a machine learning technique used in detecting attack vs. benign data. However, it is difficult to construct any effective model when there are imbalances in the dataset that prevent proper classification of attack samples in data. In this research, we use UGR'16 dataset to conduct data wrangling initially. This technique helps to prepare a test set from the original dataset to train the neural network model effectively. We experimented with a series of inputs of varying sizes (i.e. 10000, 50000, 1 million) to observe the performance of the MLP neural network model with distribution of features over accuracy. Later, we use Generative Adversarial Network (GAN) model that produces samples of different attack labels (e.g. blacklist, anomaly spam, ssh scan) for balancing the dataset. These samples are generated based on data from the UGR'16 dataset. Further experiments with MLP neural network model shows that a balanced attack sample dataset, made possible with GAN, produces more accurate results than an imbalanced one.

Citation Keyyilmaz_addressing_2020