Abstract
Many cyber attack actions can be observed, but the observables often exhibit intricate feature dependencies, non-homogeneity, and potentially rare yet critical samples. This work tests the ability to learn, model, and synthesize cyber intrusion alerts through Generative Adversarial Networks (GANs), which explore the feature space by reconciling between randomly generated samples and data that reflect a mixture of diverse attack behaviors without a priori knowledge. Through a comprehensive analysis using Jensen-Shannon Divergence, Conditional and Joint Entropy, and mode drops and additions, we show that the Wasserstein-GAN with Gradient Penalty and Mutual Information is more effective in learning to generate realistic alerts than models without Mutual Information constraints. We further show that the added Mutual Information constraint pushes the model to explore the feature space more thoroughly and increases the generation of low probability, yet critical, alert features. This research demonstrates the novel and promising application of unsupervised GANs to learn from limited yet diverse intrusion alerts to generate synthetic alerts that emulate critical dependencies, opening the door to proactive, data-driven cyber threat analyses.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: ACM Transactions on Management Information Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
