Enhanced detection of imbalanced malicious network traffic with regularized Generative Adversarial Networks

Due to the emerging network security vulnerabilities and threats, securing the network and identifying malicious network traffic is crucial for various organizations. One critical aspect of this problem is an imbalance among different attack classes, which degrades the learning performance of machine learning models for detecting such malicious traffic. In this work, regularized Wasserstein Generative Adversarial Networks (WGAN) are proposed for augmenting the minority attack samples to obtain a balanced dataset. The data augmentation performance is evaluated statistically with five statistical measures, and it is shown that the proposed WGAN-IDR (Wasserstein GAN with Improved Deep Analytic Regularization) performs better than other augmentation methods. Experiments for binary as well as multiclass classification are conducted on the CICIDS2017 dataset to evaluate the per-class performance using three classification strategies: TRTR (Train on Real, Test on Real), TSTR (Train on Synthetic, Test on Real), and TRTS (Train on Real, Test on Synthetic). Using WGAN-IDR, we show that the TSTR and TRTS classification strategies on the balanced CICIDS2017 dataset outperform baseline and existing works due to diverse and realistic generated samples, with the overall F1-score of 0.99 for binary classification and 0.98 for multiclass classification.

Automated summary

Securing the network and identifying malicious network traffic is crucial for organizations due to emerging network security vulnerabilities and threats. This study proposes the use of regularized Wasserstein Generative Adversarial Networks (WGAN) to augment the dataset and balance attack samples, improving the learning performance of machine learning models for detecting malicious traffic. The experiments demonstrate that the proposed method outperforms other augmentation methods in terms of data augmentation performance.