Semi-supervised Malicious Traffic Detection with Improved Wasserstein Generative Adversarial Network with Gradient Penalty

Abstract

With the development of artificial intelligence, malicious traffic detection technology based on deep learning has become mainstream with its powerful detection performance. Most existing deep learning-based detection methods require sufficient labeled data to train classifiers. But much labeled traffic is difficult to obtain in practical applications. To solve this problem, we propose and implement a semi-supervised malicious traffic detection method based on improved Wasserstein Generative Adversarial Network with Gradient Penalized (WGAN-GP), denoted as SEMI-WGAN-GP. First, we construct a pseudo- feature map (PFM) for each stream in the dataset using the time-series properties of consecutive packets in a given stream. Second, we fix the generator and only train the discriminator on a few labeled PFMs, which obtain a discriminator that can distinguish malicious from benign traffic. Finally, the generator and discriminator are trained unsupervisedly in the adversarial setting, which allows the discriminator to improve detection performance by generator-generated PFMs. Experiments on the publicly available UNSW-NB15 dataset demonstrate that SEMI-WGAN-GP can achieve 90.53% accuracy using a few labeled samples (20% of the samples in the dataset are marked), exceeding the 79.92% and 84.94% of fully supervised multilayer perceptron network (MLP) and 2- dimensional convolutional neural network (2DCNN). In addition, SEMI-WGAN-GP also achieves better detection performance than SEMI-DCGAN by generating better samples.