Anomaly Generation using Generative Adversarial Networks in Host Based Intrusion Detection
Milad Salem, Shayan Taheri, Jiann Shiun Yuan

TL;DR
This paper demonstrates how Cycle-GANs can generate synthetic anomalies from normal data to improve host-based intrusion detection, significantly enhancing detection performance on imbalanced datasets.
Contribution
It introduces a novel approach using Cycle-GANs to generate synthetic anomalies from normal data for intrusion detection, outperforming traditional oversampling methods like SMOTE.
Findings
AUC increased from 0.55 to 0.71
Detection rate improved from 17.07% to 80.49%
Cycle-GANs effectively generate useful synthetic anomalies
Abstract
Generative adversarial networks have been able to generate striking results in various domains. This generation capability can be general while the networks gain deep understanding regarding the data distribution. In many domains, this data distribution consists of anomalies and normal data, with the anomalies commonly occurring relatively less, creating datasets that are imbalanced. The capabilities that generative adversarial networks offer can be leveraged to examine these anomalies and help alleviate the challenge that imbalanced datasets propose via creating synthetic anomalies. This anomaly generation can be specifically beneficial in domains that have costly data creation processes as well as inherently imbalanced datasets. One of the domains that fits this description is the host-based intrusion detection domain. In this work, ADFA-LD dataset is chosen as the dataset of interest…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
MethodsSynthetic Minority Over-sampling Technique.
