Flow-based network traffic generation using Generative Adversarial Networks

Ring, Markus; Schlör, Daniel; Landes, Dieter; Hotho, Andreas

doi:10.1016/j.cose.2018.12.012

Cited by 153 publications

(80 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It can attain very excellent anomaly detection efficiency in network traffic data by extracting the CNN's spatial characteristics and the LSTM model's temporal characteristics. In [17], Markus Ring et al suggested a new technique to produce pseudo-NetFlow information based on the generation of an anti-neural network (GAN), which can produce excellent outcomes for detection and generation. The primary challenge is that GAN can handle only ongoing characteristics, and Net-Flow generally has various characteristics of classification.…”

Section: B Related Workmentioning

confidence: 99%

NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph

et al. 2020

View full text Add to dashboard Cite

Figuring the network's hidden abnormal behavior can reduce network vulnerability. This paper presents a detailed architecture in which the collected log data of the network can be processed and analyzed. We process and integrate on-campus network information from every router and store the integrated NetFlow log data. Ceph is used as an open-source distributed storage platform that offers high efficiency, high reliability, scalability, and preliminary preprocessing of raw data with Python, removing redundant areas and unification. In the subanalysis, we discover the anomaly event and absolute flow by three times of standard deviation rule. Keras has been used to classify in-time data collected via a cyberattack and to construct an automatic identifier template through the Recurring Neural Network (RNN) test. The identification accuracy of the optimization model is around 98% in attack detection. Finally, in the MySQL server, the results of the real-time evaluation can be obtained, and the results of the assessment can be displayed via ECharts.

show abstract

Section: B Related Workmentioning

confidence: 99%

NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph

et al. 2020

View full text Add to dashboard Cite

show abstract

“…packet byte-streams to be even harder to generate abiding to constraints but easier to break because the detector has more inputs that can be modified by an attacker. Recent work has focused on generating real packet traffic [5,11] and network flows [15] to improve datasets used in malware traffic detection using Generative Adversarial Networks. The flow-based approach relies entirely on the GAN to generate adversarial flows, yet it may be impossible to craft such a flow.…”

Section: Related Workmentioning

confidence: 99%

Flow-based Detection and Proxy-based Evasion of Encrypted Malware C2 Traffic

Novo

Morla

2020

Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

View full text Add to dashboard Cite

State of the art deep learning techniques are known to be vulnerable to evasion attacks where an adversarial sample is generated from a malign sample and misclassified as benign. Detection of encrypted malware command and control traffic based on TCP/IP flow features can be framed as a learning task and is thus vulnerable to evasion attacks. However, unlike e.g. in image processing where generated adversarial samples can be directly mapped to images, going from flow features to actual TCP/IP packets requires crafting the sequence of packets, with no established approach for such crafting and a limitation on the set of modifiable features that such crafting allows. In this paper we discuss learning and evasion consequences of the gap between generated and crafted adversarial samples. We exemplify with a deep neural network detector trained on a public C2 traffic dataset, white-box adversarial learning, and a proxy-based approach for crafting longer flows. Our results show 1) the high evasion rate obtained by using generated adversarial samples on the detector can be significantly reduced when using crafted adversarial samples; 2) robustness against adversarial samples by model hardening varies according to the crafting approach and corresponding set of modifiable features that the attack allows for; 3) incrementally training hardened models with adversarial samples can produce a level playing field where no detector is best against all attacks and no attack is best against all detectors, in a given set of attacks and detectors. To the best of our knowledge this is the first time that level playing field feature set-and iteration-hardening are analyzed in encrypted C2 malware traffic detection. CCS CONCEPTS • Security and privacy → Intrusion/anomaly detection and malware mitigation; • Computing methodologies → Machine learning.

show abstract

“…Network traffic generation using GANs has been considered for detecting intrusion, dataset augmentation, or illegality detection [6], [45], [46]. Ring et al [47] introduced flow-based traffic generation using GAN. This work aims to generate realistic network traffic to aid intrusion detection systems (IDS).…”

Section: Background and Related Workmentioning

confidence: 99%

GAN Tunnel: Network Traffic Steganography by Using GANs to Counter Internet Traffic Classifiers

Fathi-Kazerooni

Rojas‐Cessa

2020

IEEE Access

View full text Add to dashboard Cite

In this paper, we introduce a novel traffic masking method, called Generative Adversarial Network (GAN) tunnel, to protect the identity of applications that generate network traffic from classification by adversarial Internet traffic classifiers (ITCs). Such ITCs have been used in the past for website fingerprinting and detection of network protocols. Their use is becoming more ubiquitous than before for inferring user information. ITCs based on machine learning can identify user applications by analyzing the statistical features of encrypted packets. Our proposed GAN tunnel generates traffic that mimics a decoy application and encapsulates actual user traffic in the GAN-generated traffic to prevent classification from adversarial ITCs. We show that the statistical distributions of the generated traffic features closely resemble those of the actual network traffic. Therefore, the actual user applications and information associated with the user remain anonymous. We test the GAN tunnel traffic against high-performing ITCs, such as Random Forest and eXtreme Gradient Boosting (XGBoost), and we show that the GAN tunnel protects the identity of the source applications effectively.

show abstract

Flow-based network traffic generation using Generative Adversarial Networks

Cited by 153 publications

References 29 publications

NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph

NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph

Flow-based Detection and Proxy-based Evasion of Encrypted Malware C2 Traffic

GAN Tunnel: Network Traffic Steganography by Using GANs to Counter Internet Traffic Classifiers

Contact Info

Product

Resources

About