SynGAN: Towards Generating Synthetic Network Attacks using GANs

TL;DR

SynGAN is a framework that uses GANs to generate realistic synthetic network attack data, aiding in testing and improving network intrusion detection systems by emulating real-world attack mutations.

Contribution

This paper introduces SynGAN, the first framework to generate adversarial network attacks with GANs, enhancing the testing of intrusion detection systems.

Findings

Synthetic attacks are indistinguishable from real attacks using classifiers.

SynGAN improves the robustness of NIDS against diverse attack mutations.

Comparison of datasets shows effectiveness in generating DDoS attack variants.

Abstract

The rapid digital transformation without security considerations has resulted in the rise of global-scale cyberattacks. The first line of defense against these attacks are Network Intrusion Detection Systems (NIDS). Once deployed, however, these systems work as blackboxes with a high rate of false positives with no measurable effectiveness. There is a need to continuously test and improve these systems by emulating real-world network attack mutations. We present SynGAN, a framework that generates adversarial network attacks using the Generative Adversial Networks (GAN). SynGAN generates malicious packet flow mutations using real attack traffic, which can improve NIDS attack detection rates. As a first step, we compare two public datasets, NSL-KDD and CICIDS2017, for generating synthetic Distributed Denial of Service (DDoS) network attacks. We evaluate the attack quality (real vs. synthetic) using a gradient boosting classifier.