STUDY SPACE
FlowGANAnomaly: Flow-Based Anomaly Network Intrusion Detection with Adversarial Learning

FlowGANAnomaly: Flow-Based Anomaly Network Intrusion Detection with Adversarial Learning

January 2024 | Zeyi LI, Pan WANG, and Zixuan WANG
FlowGANAnomaly is a flow-based anomaly detection model for network intrusion detection systems (NIDS) that uses adversarial learning. Unlike traditional GAN-based approaches, FlowGANAnomaly consists of a generator (G) and a discriminator (D). It maps different types of traffic feature data from separate datasets to a uniform feature space, enabling more accurate capture of network traffic normality. The model integrates the deviation between the output of two Gs' convolutional encoders with the output of D as weighted scores to improve the low recall rate of anomaly detection. Experiments on four public datasets (NSL-KDD, CIC-IDS2017, CIC-DDoS2019, and UNSW-NB15) show that FlowGANAnomaly significantly improves the performance of anomaly-based NIDS. The model's key contributions include a novel network anomaly detection algorithm, an improved anomaly scoring method, and a threshold selection algorithm. It also compares with existing machine learning and deep learning methods, demonstrating superior performance in terms of AUC, precision, recall, and F1 scores. The model is evaluated on various datasets and shows strong performance in detecting anomalies, particularly in distinguishing between normal and malicious traffic. The model's interpretability is also discussed, with the use of the ATON algorithm to explain the results. The study concludes that FlowGANAnomaly is a promising approach for network intrusion detection, with potential for future research in real-world applications.FlowGANAnomaly is a flow-based anomaly detection model for network intrusion detection systems (NIDS) that uses adversarial learning. Unlike traditional GAN-based approaches, FlowGANAnomaly consists of a generator (G) and a discriminator (D). It maps different types of traffic feature data from separate datasets to a uniform feature space, enabling more accurate capture of network traffic normality. The model integrates the deviation between the output of two Gs' convolutional encoders with the output of D as weighted scores to improve the low recall rate of anomaly detection. Experiments on four public datasets (NSL-KDD, CIC-IDS2017, CIC-DDoS2019, and UNSW-NB15) show that FlowGANAnomaly significantly improves the performance of anomaly-based NIDS. The model's key contributions include a novel network anomaly detection algorithm, an improved anomaly scoring method, and a threshold selection algorithm. It also compares with existing machine learning and deep learning methods, demonstrating superior performance in terms of AUC, precision, recall, and F1 scores. The model is evaluated on various datasets and shows strong performance in detecting anomalies, particularly in distinguishing between normal and malicious traffic. The model's interpretability is also discussed, with the use of the ATON algorithm to explain the results. The study concludes that FlowGANAnomaly is a promising approach for network intrusion detection, with potential for future research in real-world applications.
Terms of Service
Privacy Policy
Reach us at info@study.space