IGAN-IDS: An imbalanced generative adversarial network towards intrusion detection system in ad-hoc networks

Huang, Shuokang; Lei, Kai

doi:10.1016/j.adhoc.2020.102177

Cited by 153 publications

(81 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The work in [ 61 ] proposed an Imbalanced Generative Adversarial Network (IGAN) for an intrusion detection model. Their approach consists of three folds, a deep neural network, feature extraction, and IGAN.…”

Section: Related Workmentioning

confidence: 99%

“…The authors detect cyber threats through an edge computing paradigm that is similar to data sources. More details of [ 61 , 62 , 63 ] as well as a comparison with the proposed approach can be found in Table 1 . The table shows the methods applied by the works and the existence of the intrusion detection process, the IoT system, and the multi attacks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Multi-Layer Classification Approach for Intrusion Detection in IoT Networks Based on Deep Learning

Qaddoura

Al-Zoubi

Faris

et al. 2021

Sensors

View full text Add to dashboard Cite

The security of IoT networks is an important concern to researchers and business owners, which is taken into careful consideration due to its direct impact on the availability of the services offered by IoT devices and the privacy of the users connected with the network. An intrusion detection system ensures the security of the network and detects malicious activities attacking the network. In this study, a deep multi-layer classification approach for intrusion detection is proposed combining two stages of detection of the existence of an intrusion and the type of intrusion, along with an oversampling technique to ensure better quality of the classification results. Extensive experiments are made for different settings of the first stage and the second stage in addition to two different strategies for the oversampling technique. The experiments show that the best settings of the proposed approach include oversampling by the intrusion type identification label (ITI), 150 neurons for the Single-hidden Layer Feed-forward Neural Network (SLFN), and 2 layers and 150 neurons for LSTM. The results are compared to well-known classification techniques, which shows that the proposed technique outperforms the others in terms of the G-mean having the value of 78% compared to 75% for KNN and less than 50% for the other techniques.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

A Multi-Layer Classification Approach for Intrusion Detection in IoT Networks Based on Deep Learning

Qaddoura

Al-Zoubi

Faris

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…The performance indicators for comparison include accuracy, Precision, DR, F1 score, Gmean and FPR. The intrusion detection models selected as experimental comparison objects include SAVAER-DNN [11], ResNet50 [17], GoogLeNet [17], TSE-IDS(Two-Stage Classifier Ensemble for IDS) [18], RNN-IDS (recurrent neural network) [19], DAE [20], AE [20], SCDNN [21], GAR-Forest [42], Gaussian-Bernoulli RBM [43], CGANs-DNN [44], GFBLS [45], LSTM4 [45], DAE-DFFNN [46], DT [47], SWSNM [48], IGAN-IDS [49]. To enhance the persuasiveness of the experimental results, all intrusion detection models use the same test set.…”

Section: ) Performance Comparison With Existing Instrusion Detectionmentioning

confidence: 99%

Network Intrusion Detection Based on Conditional Wasserstein Generative Adversarial Network and Cost-Sensitive Stacked Autoencoder

Zhang

Wang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

In the field of intrusion detection, there is often a problem of data imbalance, and more and more unknown types of attacks make detection difficult. To resolve above issues, this paper proposes a network intrusion detection model called CWGAN-CSSAE, which combines improved conditional Wasserstein Generative Adversarial Network (CWGAN) and cost-sensitive stacked autoencoders (CSSAE). First of all, the CWGAN network that introduces gradient penalty and L2 regularization is used to generate specified minority attack samples to reduce the class imbalance of the training dataset. Secondly, the stacked autoencoder is used to intelligently extract the deep abstract features of the network data. Finally, a cost-sensitive loss function is constructed to give a large misclassification cost to a minority of attack samples. Thus, effective detection of network intrusion attacks can be realized. The experimental results based on KDDTest+, KDDTest-21, and UNSW-NB15 datasets show that the CWGAN-CSSAE network intrusion detection model improves the detection accuracy of minority attacks and unknown attacks. In addition, the method in this paper is compared with other existing intrusion detection methods, excellent results have been achieved in performance indicators such as accuracy and F1 score. The accuracy on the above datasets reached 90.34%, 80.78% and 93.27% respectively. The accuracy of U2R on the KDDTest+ and KDDTest-21 datasets both reached 42.50%. The accuracy of R2L on the KDDTest+ and KDDTest-21 datasets reached 54.39% and 52.51%, respectively. And the F1 score on the above datasets reached 91.01%, 87.18% and 93.99% respectively.

show abstract

“…The UNSW-NB15 dataset is processed follow the procedure in the previous work [7]. Specifically, we use the Standard-Scaler function 1 to standardize the data, and randomly select data from the original dataset to generate training and testing sets.…”

Section: ) Unsw-nb15mentioning

confidence: 99%

“…With the massive growth in the scale of computer networks, network security has emerged as one of the major issues in computer systems and attracted worldwide attentions from industry and academia. Generally speaking, network intrusion misuse behaviors are driven by known attacks (e.g., denial-of service, worm) and anomalous activities are rooted in unknown threats (e.g., botnet, malware attack) [1]. Despite using different security applications, such as firewalls, malware prevention, data encryption, and user authentication, many organizations and enterprises still fail to defeat advanced network attacks [2].…”

Section: Introductionmentioning

confidence: 99%

The Effective Methods for Intrusion Detection With Limited Network Attack Data: Multi-Task Learning and Oversampling

et al. 2020

View full text Add to dashboard Cite

Recently, many anomaly intrusion detection algorithms have been developed and applied in network security. These algorithms achieve high detection rate on many classical datasets. However, most of them failed to address two challenges: 1) imbalanced traffic data with limited network attack, 2) multiple data sources that are distributed in different terminals. In detail, those algorithms assume that there are sufficient network traffic data to train their models for intrusion detection. Due to the network attack traffic is always scarce in the real-world network, this assumption is difficult to satisfy in most cases. In this paper, we use Multi-Task Learning (MTL) and oversampling methods to address those challenges of network intrusion detection. Firstly, we use the MTL method to treat each terminal as a single task, and then use relevant information between different terminals to help learn every single task. Meanwhile, we use the oversampling method to overcome the minority problem of attacks. Through a series of experiments on the latest UNSW-NB15 and CICIDS2018 datasets, this paper verifies the effectiveness of MTL and oversampling methods for network intrusion detection with limited network attack data, where they achieve more than 90% detection rate in different experimental settings.

show abstract

IGAN-IDS: An imbalanced generative adversarial network towards intrusion detection system in ad-hoc networks

Cited by 153 publications

References 20 publications

A Multi-Layer Classification Approach for Intrusion Detection in IoT Networks Based on Deep Learning

A Multi-Layer Classification Approach for Intrusion Detection in IoT Networks Based on Deep Learning

Network Intrusion Detection Based on Conditional Wasserstein Generative Adversarial Network and Cost-Sensitive Stacked Autoencoder

The Effective Methods for Intrusion Detection With Limited Network Attack Data: Multi-Task Learning and Oversampling

Contact Info

Product

Resources

About