Automatically synthesizing DoS attack traces using generative adversarial networks

Abstract

Artificial intelligence (AI) technology ruling people is still the scene in the science fiction film, but hackers using AI technology against existing security measures is an inescapable trend. Network intrusion detection systems (NIDS) based deep learning such as convolutional neural network (CNN) have reached a very high detection rate. But we propose DoS-WGAN, a common architecture that uses the Wasserstein generative adversarial networks (WGAN) with gradient penalty technology to evade network traffic Classifiers. To camouflage offensive denial of service (DoS) attack traffic as normal network traffic, DoS-WGAN automatically synthesizes attack traces that can defeat a existing NIDS/network security defense for DoS cases. Information entropy is used to measure the dispersing performance of generated DoS attack traffic. The generated DoS attack traffic is so similar to the normal traffic that detection algorithm cannot distinguish between them. When we input the generated DoS attack traffic to a NIDS based on CNN in our experiments, the detection rate drops to $$47.6\%$$ from $$97.3\%$$. To make the training more stable, we integrate the Standardized Euclidean distance and the information entropy to evaluate the training process. We believe that AI technology will play a particularly important role in the game of network attack and defense.