{"title":"Improving Attack Detection Performance in NIDS Using GAN","authors":"Dongyang Li, Daisuke Kotani, Y. Okabe","doi":"10.1109/COMPSAC48688.2020.0-162","DOIUrl":null,"url":null,"abstract":"Nowadays, various methods are proposed to build effective anomaly-based Network Intrusion Detection System (NIDS). However, malicious packets are extremely less than normal packets and this class imbalance problem will result in low performance of attack detection. In this study, we have proposed a new hybrid oversampling model using GAN to improve attack detection performance in anomaly-based NIDS. It contains three main steps: feature extraction by Information Gain and PCA, data clustering by DBSCAN and data generation by WGAN-DIV. For performance evaluation, three HTTP only datasets: NSL-KDD-HTTP, UNSW-NB15-HTTP and Kyoto2006-Plus-HTTP are used. Six machine learning methods are utilized as anomaly-based NIDS and SMOTE is also used for comparison. Our model with XGBoost has achieved best F1-score in these three datasets from the results.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMPSAC48688.2020.0-162","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 14
Abstract
Various methods have been proposed for building effective anomaly-based Network Intrusion Detection Systems (NIDS). However, malicious packets are far fewer than normal packets, and this class imbalance problem results in low attack detection performance. In this study, we propose a new hybrid oversampling model using GAN to improve attack detection performance in anomaly-based NIDS. It contains three main steps: feature extraction by Information Gain and PCA, data clustering by DBSCAN, and data generation by WGAN-DIV. For performance evaluation, three HTTP-only datasets are used: NSL-KDD-HTTP, UNSW-NB15-HTTP and Kyoto2006-Plus-HTTP. Six machine learning methods are used as the anomaly-based NIDS, and SMOTE is also used for comparison. According to the results, our model with XGBoost achieved the best F1-score on all three datasets.