Automatically synthesizing DoS attack traces using generative adversarial networks
- PDF / 1,956,579 Bytes
- 10 Pages / 595.276 x 790.866 pts Page_size
- 8 Downloads / 236 Views
ORIGINAL ARTICLE
Automatically synthesizing DoS attack traces using generative adversarial networks Qiao Yan1 · Mingde Wang1 · Wenyao Huang1 · Xupeng Luo1 · F. Richard Yu2 Received: 13 November 2018 / Accepted: 10 January 2019 © Springer-Verlag GmbH Germany, part of Springer Nature 2019
Abstract Artificial intelligence (AI) technology ruling people is still the scene in the science fiction film, but hackers using AI technology against existing security measures is an inescapable trend. Network intrusion detection systems (NIDS) based deep learning such as convolutional neural network (CNN) have reached a very high detection rate. But we propose DoS-WGAN, a common architecture that uses the Wasserstein generative adversarial networks (WGAN) with gradient penalty technology to evade network traffic Classifiers. To camouflage offensive denial of service (DoS) attack traffic as normal network traffic, DoS-WGAN automatically synthesizes attack traces that can defeat a existing NIDS/network security defense for DoS cases. Information entropy is used to measure the dispersing performance of generated DoS attack traffic. The generated DoS attack traffic is so similar to the normal traffic that detection algorithm cannot distinguish between them. When we input the generated DoS attack traffic to a NIDS based on CNN in our experiments, the detection rate drops to 47.6% from 97.3% . To make the training more stable, we integrate the Standardized Euclidean distance and the information entropy to evaluate the training process. We believe that AI technology will play a particularly important role in the game of network attack and defense. Keywords Network intrusion detection systems · Generative adversarial networks · Wasserstein-GAN
1 Introduction Artificial intelligence (AI) has a rise tendency to be used in computer security. In GeekPwn 2017, there was an AI session. AI was used to mix voice so as to unlock your tablets. Beyond GeekPwn, AI is used to build robot to automatically search hole of different systems and write code to exploit the security hole. There is no doubt that AI will become the main stage of computer security. In the study of network security, different AI technologies are used to detect network intrusion [5, 7, 9, 16, 19, * Qiao Yan [email protected] Mingde Wang [email protected] F. Richard Yu [email protected] 1
College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, China
College of Systems and Computer Engineering, Carleton University, Ottawa, ON, Canada
2
20, 27]. Deep learning is an important method of network intrusion detection [3, 8, 10, 13, 15, 18]. A lot of researchers have tried different machine learning methods, such as convolutional neural network [26], support vector machine [22, 24], to detect network anomaly. Most of them get good performance on the corresponding datasets. However, it is important to be aware that the machine learning results are skeptical in security tasks. Unlike when machine learning is used in other fields, secu
Data Loading...
