Abstract
In the field of intrusion detection, there is often a problem of data imbalance, and more and more unknown types of attacks make detection difficult. To resolve above issues, this article proposes a network intrusion detection model called CWGAN-CSSAE, which combines improved conditional Wasserstein Generative Adversarial Network (CWGAN) and cost-sensitive stacked autoencoders (CSSAE). First of all, the CWGAN network that introduces gradient penalty and L2 regularization is used to generate specified minority attack samples to reduce the class imbalance of the training dataset. Secondly, the stacked autoencoder is used to intelligently extract the deep abstract features of the network data. Finally, a cost-sensitive loss function is constructed to give a large misclassification cost to a minority of attack samples. Thus, effective detection of network intrusion attacks can be realized. The experimental results based on KDDTest <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> , KDDTest-21, and UNSW-NB15 datasets show that the CWGAN-CSSAE network intrusion detection model improves the detection accuracy of minority attacks and unknown attacks. In addition, the method in this article is compared with other existing intrusion detection methods, excellent results have been achieved in performance indicators such as accuracy and F1 score. The accuracy on the above datasets reached 90.34%, 80.78% and 93.27% respectively. The accuracy of U2R on the KDDTest <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> and KDDTest-21 datasets both reached 42.50%. The accuracy of R2L on the KDDTest <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> and KDDTest-21 datasets reached 54.39% and 52.51%, respectively. And the F1 score on the above datasets reached 91.01%, 87.18% and 93.99% respectively.
Highlights
Based on the rapid development of emerging technologies such as cloud computing, big data, and the Internet of Things, cyberspace has become the fifth-largest space besides land, sea, air and sky [1]
The advantages of the network intrusion detection model proposed in this paper are as follows: 1) conditional Wasserstein Generative Adversarial Network (CWGAN) can capture the real data distribution, and further, generate specified types of attack samples based on preset labels, which reduces the imbalance of the training set
Improved CWGAN fully combines the advantages of CGAN and WGAN, and introduces gradient penalty and L2 regularization to enhance the stability of network training
Summary
Based on the rapid development of emerging technologies such as cloud computing, big data, and the Internet of Things, cyberspace has become the fifth-largest space besides land, sea, air and sky [1]. As the rapid development of network technology, network attack methods are changing rapidly and more unknown attacks are threatening the security of cyberspace, which bring new challenges to the research of deep learning on intrusion detection [11]. Regarding solving the problem of data imbalance and unknown attack detection in intrusion detection, this paper proposes a novel network intrusion detection model called CWGAN-CSSAE, which combines improved CWGAN and a cost-sensitive stacked autoencoder. CWGAN-CSSAE uses a combination of data and algorithms to solve the problems of imbalanced class distribution, which improves the accuracy of the model's detection of minority attacks and unknown attacks. The advantages of the network intrusion detection model proposed in this paper are as follows: 1) CWGAN can capture the real data distribution, and further, generate specified types of attack samples based on preset labels, which reduces the imbalance of the training set.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
