Improving intrusion detection system performance using generative adversarial networks architecture

Detecting attacks based on their behaviour is challenging for security defence mechanisms, including Anomaly Intrusion Detection Systems (AIDSes) due to the attacks’ behaviours, numbers, and architecture used on AIDSes. Lack of information about attacks and their imbalances in datasets leads to limited performance in AIDSes. This research applied generative adversarial models to obtain more attacks and evaluate their quality to build efficient AIDSes against rare and unseen attacks. Specifically, Generative Adversarial Networks (GANs), Bidirectional Generative Adversarial Networks (BiGAN) and Wasserstein Generative Adversarial Networks (WGAN) were applied and evaluated on two popular datasets (NSL-KDD and CICIDS-2017) to identify these model’s limitations and propose new ones. The proposed models were Enhanced-Bidirectional Generative Adversarial Network (E-BiGAN) and AutoEncoder-Wasserstein Generative Adversarial Networks (AE-WGAN), which improved Anomaly Intrusion Detection System (AIDS) performance. The suggested models produce realistic attacks by learning from attack classes to build efficient AIDS against new and unseen attacks. The results indicate a significant enhancement for some attack classes where the AIDSes were utilised to deliver the best performance measure in evaluation metric scores. The study found that the generative model cannot produce high-quality attacks for all classes due to few samples for minor attacks, which delivered limited attack quality and limited impact on AIDS performance. For a comprehensive study, the Architecture types used in AIDS include popular Deep Learning (DL) classifiers; Convolution Neural Network (CNN), Gated Recurrent Unit (GRU), Long Short-Term Memory (LSTM), and Recurrent Neural Network (RNN). The study provides important insights into AIDS-related factors, which are affected by the nature of attacks, the dataset used to train the AIDS, classification type to train the AIDS. The research recommends considering all mentioned factors for building a robust AIDS. Finally, the proposed models were tested on the CSE-CIC-IDS2018 dataset for more validation, where the results showed that the performance is better than traditional generative models (BiGAN, WGAN).