Research On Generative Adversarial Networks In Intrusion Detection

Posted on: 2023-08-28
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Zhu
GTID: 2558306905499454
Subject: Information security
Abstract/Summary:
Nowadays, with the advance of the new digital infrastructure, the internet has officially become a vital part of the critical national infrastructure. Therefore, cyber security has also been raised to the height of national security. The Intrusion Detection System (IDS), which is on the front line of protecting network security, has received much attention from researchers. After years of development, research in this field has passed the era of rules and expert knowledge and gradually moved towards combining artificial intelligence technology. Compared with other deep learning models, the Generative Adversarial Network (GAN) will change current research ideas to a large extent, because its adversarial game idea is better suited to cyber security research and its performance is proven. It enables both the attack and defense sides to enhance their capabilities greatly, so it is necessary to conduct sufficient research to know the opponent. Based on hierarchical research and outstanding characteristics, this thesis first discusses existing research ideas and schemes that combine GAN and IDS at the network data flow and packet levels. After that, this thesis discovers and summarizes the existing problems, then proposes targeted improvements and verifies them through experiments. The main work of this thesis includes:

(1) At the network flow level, this thesis introduces and analyzes the existing GAN-driven traffic evasion attack method. The attacker learns normal software network behavior using GAN and then instructs the malware to change its network behavior to avoid ML-based IDS detection. On this basis, this thesis first introduces the reverse poisoning strategy from the defender's perspective to enhance the robustness of the existing IDS against such attacks. Inspired by this attack and defense process, this thesis analyzes the existing GAN-based malware network behavior simulation schemes and finds some problems, such as insufficient utilization of sample information and inadequate training of positive and negative samples separately. To address these issues, this thesis introduces Wasserstein distance and improves the training mode to get a new adaptive malware stealth communication scheme named AMSC. The proposed method has low detectability against ML-based IDS and further enhances the communication efficiency of malware by changing the way GAN is combined with malware. Finally, through simulation experiments on the public dataset, we verify the effectiveness of the proposed reverse poisoning strategy and the concealment and efficiency of the AMSC scheme.

(2) At the network packet level, this thesis classifies and analyzes the datasets in the field of intrusion detection and finds that dataset imbalance and dataset poisoning are prevalent problems, which seriously restrict the development of research in this field. This thesis proposes an IDS dataset reconstruction scheme based on an improved GAN to solve the above problems. To address the insufficient learning of the IDS data distribution, the unsatisfactory quality of generated network samples, and the poisoning samples in existing research, the proposed scheme introduces LSTM with the attention mechanism, improves the penalty function, and employs a poisoning sample cleaning mechanism based on information gain. Finally, this thesis conducts experiments based on public and self-collected datasets with different proportions of poisoning samples. The result shows that the dataset processed by the proposed scheme performs better in category balance and poisoning samples than the dataset processed by the current existing method and the original dataset. It can therefore be considered that the scheme proposed in this thesis improves the quality of the existing IDS datasets.
Keywords/Search Tags: Cyber Security, Intrusion Detection System, Deep Learning, Generative Adversarial Networks, Adversarial Samples