GADoT: GAN-based Adversarial Training for Robust DDoS Attack Detection

TL;DR

This paper introduces GADoT, a GAN-based adversarial training method that significantly improves the robustness of network intrusion detection systems against adversarial DDoS attacks, reducing undetected malicious flows from over 60% to below 2%.

Contribution

GADoT is a novel adversarial training approach utilizing GANs to generate realistic adversarial DDoS samples for enhancing NIDS robustness.

Findings

Adversarial attacks can cause over 60% of malicious flows to go undetected.

GADoT reduces undetected malicious flows to 1.8% or less after training.

The method significantly improves NIDS resilience against adversarial DDoS attacks.

Abstract

Machine Learning (ML) has proven to be effective in many application domains. However, ML methods can be vulnerable to adversarial attacks, in which an attacker tries to fool the classification/prediction mechanism by crafting the input data. In the case of ML-based Network Intrusion Detection Systems (NIDSs), the attacker might use their knowledge of the intrusion detection logic to generate malicious traffic that remains undetected. One way to solve this issue is to adopt adversarial training, in which the training set is augmented with adversarial traffic samples. This paper presents an adversarial training approach called GADoT, which leverages a Generative Adversarial Network (GAN) to generate adversarial DDoS samples for training. We show that a state-of-the-art NIDS with high accuracy on popular datasets can experience more than 60% undetected malicious flows under adversarial attacks. We then demonstrate how this score drops to 1.8% or less after adversarial training using GADoT.