In the field of intrusion detection, there is often a problem of data imbalance, and more and more unknown types of attacks make detection difficult. To resolve above issues, this article proposes a network intrusion detection model called CWGAN-CSSAE, which combines improved conditional Wasserstein Generative Adversarial Network (CWGAN) and cost-sensitive stacked autoencoders (CSSAE). First of all, the CWGAN network that introduces gradient penalty and L2 regularization is used to generate specified minority attack samples to reduce the class imbalance of the training dataset. Secondly, the stacked autoencoder is used to intelligently extract the deep abstract features of the network data. Finally, a cost-sensitive loss function is constructed to give a large misclassification cost to a minority of attack samples. Thus, effective detection of network intrusion attacks can be realized. The experimental results based on KDDTest <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> , KDDTest-21, and UNSW-NB15 datasets show that the CWGAN-CSSAE network intrusion detection model improves the detection accuracy of minority attacks and unknown attacks. In addition, the method in this article is compared with other existing intrusion detection methods, excellent results have been achieved in performance indicators such as accuracy and F1 score. The accuracy on the above datasets reached 90.34%, 80.78% and 93.27% respectively. The accuracy of U2R on the KDDTest <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> and KDDTest-21 datasets both reached 42.50%. The accuracy of R2L on the KDDTest <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> and KDDTest-21 datasets reached 54.39% and 52.51%, respectively. And the F1 score on the above datasets reached 91.01%, 87.18% and 93.99% respectively.
Read full abstract