Enhanced detection of imbalanced malicious network traffic with regularized Generative Adversarial Networks

Abstract

Due to the emerging network security vulnerabilities and threats, securing the network and identifying malicious network traffic is crucial for various organizations. One critical aspect of this problem is an imbalance among different attack classes, which degrades the learning performance of machine learning models for detecting such malicious traffic. In this work, regularized Wasserstein Generative Adversarial Networks (WGAN) are proposed for augmenting the minority attack samples to obtain a balanced dataset. The data augmentation performance is evaluated statistically with five statistical measures, and it is shown that the proposed WGAN-IDR (Wasserstein GAN with Improved Deep Analytic Regularization) performs better than other augmentation methods. Experiments for binary as well as multiclass classification are conducted on the CICIDS2017 dataset to evaluate the per-class performance using three classification strategies: TRTR (Train on Real, Test on Real), TSTR (Train on Synthetic, Test on Real), and TRTS (Train on Real, Test on Synthetic). Using WGAN-IDR, we show that the TSTR and TRTS classification strategies on the balanced CICIDS2017 dataset outperform baseline and existing works due to diverse and realistic generated samples, with the overall F1-score of 0.99 for binary classification and 0.98 for multiclass classification.