Synthetic flow-based cryptomining attack generation through Generative Adversarial Networks

Mozó, Alberto; González-Prieto, Ángel; Pastor, Antonio; Canaval, Sandra Gómez; Talavera, Edgar

doi:10.1038/s41598-022-06057-2

Cited by 16 publications

(9 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mozo et al [122] proposed a WGAN-based approach to generate synthetic flow-based network traffic, addressing privacy concerns and providing a viable alternative to real data in ML training processes. Demonstrated in a crypto-mining attack scenario, the study explores diverse neural network architectures and proposes enhancements to improve the quality of synthetic data.…”

Section: Flow-based Network Traffic Generationmentioning

confidence: 99%

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

Agrawal,

Kaur,

Myneni

2024

Electronics

View full text Add to dashboard Cite

The ability of deep learning to process vast data and uncover concealed malicious patterns has spurred the adoption of deep learning methods within the cybersecurity domain. Nonetheless, a notable hurdle confronting cybersecurity researchers today is the acquisition of a sufficiently large dataset to effectively train deep learning models. Privacy and security concerns associated with using real-world organization data have made cybersecurity researchers seek alternative strategies, notably focusing on generating synthetic data. Generative adversarial networks (GANs) have emerged as a prominent solution, lauded for their capacity to generate synthetic data spanning diverse domains. Despite their widespread use, the efficacy of GANs in generating realistic cyberattack data remains a subject requiring thorough investigation. Moreover, the proficiency of deep learning models trained on such synthetic data to accurately discern real-world attacks and anomalies poses an additional challenge that demands exploration. This paper delves into the essential aspects of generative learning, scrutinizing their data generation capabilities, and conducts a comprehensive review to address the above questions. Through this exploration, we aim to shed light on the potential of synthetic data in fortifying deep learning models for robust cybersecurity applications.

show abstract

Section: Flow-based Network Traffic Generationmentioning

confidence: 99%

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

Agrawal,

Kaur,

Myneni

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Some research proposes techniques for generating datasets, including log line clustering [ 25 ], generating network flows at fragment level [ 26 ], using Generative Adversarial Networks (GANs) to generate datasets [ 27 ], dynamically generating datasets [ 28 ], and using fuzzy association rules to integrate device logs with traffic data [ 29 ].…”

Section: Related Workmentioning

confidence: 99%

Comparative Analysis of Anomaly Detection Approaches in Firewall Logs: Integrating Light-Weight Synthesis of Security Logs and Artificially Generated Attack Detection

Komadina,

Kovačević,

Štengl

et al. 2024

Sensors

View full text Add to dashboard Cite

Detecting anomalies in large networks is a major challenge. Nowadays, many studies rely on machine learning techniques to solve this problem. However, much of this research depends on synthetic or limited datasets and tends to use specialized machine learning methods to achieve good detection results. This study focuses on analyzing firewall logs from a large industrial control network and presents a novel method for generating anomalies that simulate real attacker actions within the network without the need for a dedicated testbed or installed security controls. To demonstrate that the proposed method is feasible and that the constructed logs behave as one would expect real-world logs to behave, different supervised and unsupervised learning models were compared using different feature subsets, feature construction methods, scaling methods, and aggregation levels. The experimental results show that unsupervised learning methods have difficulty in detecting the injected anomalies, suggesting that they can be seamlessly integrated into existing firewall logs. Conversely, the use of supervised learning methods showed significantly better performance compared to unsupervised approaches and a better suitability for use in real systems.

show abstract

“…One of the most innovative aspects of the SPIDER cyber range is its capability to automate offensive tactics by generating synthetic traffic traces. In this regard, a significant effort has been devoted to the study of the application of the recently appeared Generative Adversarial Networks (GANs) to generate synthetic flow-based network traffic to mimic both attacks and normal traffic [17]. In contrast to other approaches using GAN as a data augmentation solution, synthetic data generated in SPIDER can fully replace real data (both attacks and normal traffic).…”

Section: F Synthetic Attack Generation With Gansmentioning

confidence: 99%

A Digital Twin for the 5G Era: the SPIDER Cyber Range

Rebecchi

Pastor

Mozó³

et al. 2022

2022 IEEE 23rd International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM)

Self Cite

View full text Add to dashboard Cite

Service providers, 5G network operators and, more generally, vertical industries face today a dangerous shortage of highly skilled cybersecurity experts. Along with the escalation and growing sophistication of cyber-attacks, 5G networks require the training of skilled and highly competent cyber forces. To meet these requirements, the SPIDER cyber range focuses specifically on 5G, and is based on three pillars, (i) cyber security assessment, (ii) training cyber security teams to defend against complex cyber-attack scenarios, and (iii) evaluation of cyber risk. The SPIDER cyber range replicates a customized 5G network, enabling the execution of cyber-exercises that take advantage of hands-on interaction in real time, the sharing of information between participants, and the gathering of feedback from network equipment, as well as the development and adaptation of advanced operational procedures. This aims to help 5G security professionals improve their ability to collaboratively manage and predict security incidents, complex attacks, and propagated vulnerabilities. The SPIDER cyber range is validated in two relevant use case scenarios aimed at demonstrating, in a realistic, measurable, and replicable way the transformations SPIDER will bring to the cybersecurity industry.

show abstract

Synthetic flow-based cryptomining attack generation through Generative Adversarial Networks

Cited by 16 publications

References 32 publications

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

Comparative Analysis of Anomaly Detection Approaches in Firewall Logs: Integrating Light-Weight Synthesis of Security Logs and Artificially Generated Attack Detection

A Digital Twin for the 5G Era: the SPIDER Cyber Range

Contact Info

Product

Resources

About