FlowGANAnomaly: Flow-Based Anomaly Network Intrusion Detection with Adversarial Learning  被引量：2

作　　者：Zeyi LI Pan WANG Zixuan WANG 

机构地区：[1]School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210003,China [2]School of Modern Posts,Nanjing University of Posts and Telecommunications,Nanjing 210003,China [3]School of Internet of Things,Nanjing University of Posts and Telecommunications,Nanjing 210003,China

出　　处：《Chinese Journal of Electronics》2024年第1期58-71,共14页电子学报（英文版）

基　　金：supported by the National Natural Science Foundation (Grant No. 61972211);the National Key Research and Development Project (Grant No. 2020YFB1804700);the Future Network Innovation Research and Application Projects (Grant No. 2021FNA02006)。

摘　　要：In recent years, low recall rates and high dependencies on data labelling have become the biggest obstacle to developing deep anomaly detection(DAD) techniques. Inspired by the success of generative adversarial networks(GANs) in detecting anomalies in computer vision and imaging, we propose an anomaly detection model called Flow GANAnomaly for detecting anomalous traffic in network intrusion detection systems(NIDS). Unlike traditional GAN-based approaches, which are composed of a flow encoder, a convolutional encoder-decoder-encoder, a flow decoder and a convolutional encoder, the architecture of this model consists of a generator(G) and a discriminator(D).Flow GANAnomaly maps the different types of traffic feature data from separate datasets to a uniform feature space,thus can capture the normality of network traffic data more accurately in an adversarial manner to mitigate the problem of the high dependence on data labeling. Moreover, instead of simply detecting the anomalies by the output of D, we proposed a new anomaly scoring method that integrates the deviation between the output of two Gs’ convolutional encoders with the output of D as weighted scores to improve the low recall rate of anomaly detection. We conducted several experiments comparing existing machine learning algorithms and existing deep learning methods(Auto Encoder and VAE) on four public datasets(NSL-KDD, CIC-IDS2017, CIC-DDo S2019, and UNSW-NB15). The evaluation results show that Flow GANAnomaly can significantly improve the performance of anomaly-based NIDS.

关 键 词：Anomaly detection Unsupervised learning Generative adversarial network Intrusion detection system 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术] TP18[自动化与计算机技术—计算机科学与技术]