An intrusion detection method combining variational auto-encoder and generative adversarial networks

Deep learning is a crucial research area in network security, particularly when it comes to detecting network attacks. While some deep learning algorithms have shown promising results in distinguishing between normal and abnormal traffic, identifying different types of imbalanced anomalous traffic data is still a challenging task at present. To enhance the detection performance of unbalanced anomalous flows, we propose a new intrusion detection architecture based on a variational auto-encoder (VAE) and generative adversarial networks (GAN) in this research. Firstly, we present the VAE-WGAN model, which combines the advantages of VAE and GAN and enables us to generate data with predefined labels to balance the original training dataset. In the intrusion detection phase, we use a hybrid neural network model based on stacked Long Short-Term Memory (LSTM) and Multi-Scale Convolutional Neural Network (MSCNN). Stacked LSTM and MSCNN networks can extract network characteristics at different depths and scales, and subsequent feature fusion is used to increase network attack detection rates. Finally, the results from the NSL-KDD and AWID datasets indicate that the proposed network intrusion detection model improves the accuracy of network attack detection. The model outperforms other existing intrusion detection approaches in terms of accuracy, precision, recall, and f1-score, obtaining 83.45% accuracy and 83.69% f1-score on the NSL-KDD dataset. Moreover, it attains an accuracy and f1-score exceeding 98.9% on the AWID dataset.