Loading…
Low-sample classification in NIDS using the EC-GAN method
Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems re...
Saved in:
| Published in: | J.UCS (Annual print and CD-ROM archive ed.) 2022-01, Vol.28 (12), p.1330-1346 |
|---|---|
| Main Authors: | , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c400t-cf617cc9f6cbbdaa9aab710294cfaba9ad32a0e200ce68890579a2ad6f6957a83 |
|---|---|
| cites | |
| container_end_page | 1346 |
| container_issue | 12 |
| container_start_page | 1330 |
| container_title | J.UCS (Annual print and CD-ROM archive ed.) |
| container_volume | 28 |
| creator | Zekan, Marko Tomičić, Igor Schatten, Markus |
| description | Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems remains a concern. This is mostly because of the low-sample, imbalanced nature of realistic datasets, which make models challenging to train.
Considering this, we applied a novel semi-supervised EC-GAN method for network flow classifi- cation of CIC-IDS-2017 dataset. EC-GAN uses synthetic data to aid the training of a supervised classifier on low-sample data. To achieve this, we modified the original EC-GAN to work with tabular data. In our approach, WCGAN-GP is used for synthetic tabular data generation, while a simple deep neural network is used for classification. The conditional nature of WCGAN-GP diminishes the class imbalance problem, while GAN itself solves the low-sample problem. This approach was successful in generating believable synthetic data, which was consequently used for training and testing the EC-GAN.
To obtain our results, we trained a classifier on progressively smaller versions of the CIC-DIS-2017 dataset, first via a novel EC-GAN method and then in the conventional way, without the help of synthetic data. We then compared these two sets of results with another author's results using accuracy, false positive rate, detection rate and macro F1 score as metrics. Our results showed that supervised classifier trained with EC-GAN can achieve significant results even when trained on as little as 25% of the original imbalanced dataset. |
| doi_str_mv | 10.3897/jucs.85703 |
| format | article |
| fullrecord | <record><control><sourceid>gale_doaj_</sourceid><recordid>TN_cdi_proquest_journals_2830891759</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><galeid>A777671341</galeid><doaj_id>oai_doaj_org_article_a5c18f0924604f61b9bb756285176a90</doaj_id><sourcerecordid>A777671341</sourcerecordid><originalsourceid>FETCH-LOGICAL-c400t-cf617cc9f6cbbdaa9aab710294cfaba9ad32a0e200ce68890579a2ad6f6957a83</originalsourceid><addsrcrecordid>eNo9UU1LAzEQXUTBWr34Cxa8CVsn-5GPY6m1Fko9qOAtzGaTNqXd1GSL-O9Nu1LmMDOPN28evCS5JzAquGBPm4MKI14xKC6SAYiSZ1RQfnmeq6_r5CaEDUBOqeCDRCzcTxZwt9_qVG0xBGusws66NrVtupw_v6eHYNtV2q11Op1ks_Ey3elu7Zrb5MrgNui7_z5MPl-mH5PXbPE2m0_Gi0yVAF2mDCVMKWGoqusGUSDWjEAuSmWwjmtT5Ag6B1Caci6gYgJzbKiJbhnyYpjMe93G4Ubuvd2h_5UOrTwBzq8k-s6qrZZYKcINiLykUMa_tahrVtGcV4RRFBC1HnqtvXffBx06uXEH30b7MucFcEFYJSJr1LNWGEVta1znUcVq9M4q12pjIz5mjFFGipLEg8f-QHkXgtfmbJOAPOYij7nIUy7FHyNJfjU</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2830891759</pqid></control><display><type>article</type><title>Low-sample classification in NIDS using the EC-GAN method</title><source>ProQuest - Publicly Available Content Database</source><source>EZB Electronic Journals Library</source><creator>Zekan, Marko ; Tomičić, Igor ; Schatten, Markus</creator><creatorcontrib>Zekan, Marko ; Tomičić, Igor ; Schatten, Markus</creatorcontrib><description>Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems remains a concern. This is mostly because of the low-sample, imbalanced nature of realistic datasets, which make models challenging to train.
Considering this, we applied a novel semi-supervised EC-GAN method for network flow classifi- cation of CIC-IDS-2017 dataset. EC-GAN uses synthetic data to aid the training of a supervised classifier on low-sample data. To achieve this, we modified the original EC-GAN to work with tabular data. In our approach, WCGAN-GP is used for synthetic tabular data generation, while a simple deep neural network is used for classification. The conditional nature of WCGAN-GP diminishes the class imbalance problem, while GAN itself solves the low-sample problem. This approach was successful in generating believable synthetic data, which was consequently used for training and testing the EC-GAN.
To obtain our results, we trained a classifier on progressively smaller versions of the CIC-DIS-2017 dataset, first via a novel EC-GAN method and then in the conventional way, without the help of synthetic data. We then compared these two sets of results with another author's results using accuracy, false positive rate, detection rate and macro F1 score as metrics. Our results showed that supervised classifier trained with EC-GAN can achieve significant results even when trained on as little as 25% of the original imbalanced dataset.</description><identifier>ISSN: 0948-695X</identifier><identifier>EISSN: 0948-6968</identifier><identifier>DOI: 10.3897/jucs.85703</identifier><language>eng</language><publisher>Bristol: Pensoft Publishers</publisher><subject>Analysis ; Artificial neural networks ; Classification ; Classifiers ; cybersecurity ; Datasets ; Detectors ; GAN ; Liquors ; Machine learning ; Methods ; network security ; Neural networks ; NIDS ; synthe ; Synthetic data ; Tables (data) ; Training</subject><ispartof>J.UCS (Annual print and CD-ROM archive ed.), 2022-01, Vol.28 (12), p.1330-1346</ispartof><rights>COPYRIGHT 2022 Pensoft Publishers</rights><rights>2022. This work is licensed under https://creativecommons.org/licenses/by-nd/4.0/ (the “License”). Notwithstanding the ProQuest Terms and conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c400t-cf617cc9f6cbbdaa9aab710294cfaba9ad32a0e200ce68890579a2ad6f6957a83</citedby><orcidid>0000-0002-8626-9507 ; 0000-0001-6910-8675</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2830891759?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>314,778,782,25736,27907,27908,36995,44573</link.rule.ids></links><search><creatorcontrib>Zekan, Marko</creatorcontrib><creatorcontrib>Tomičić, Igor</creatorcontrib><creatorcontrib>Schatten, Markus</creatorcontrib><title>Low-sample classification in NIDS using the EC-GAN method</title><title>J.UCS (Annual print and CD-ROM archive ed.)</title><description>Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems remains a concern. This is mostly because of the low-sample, imbalanced nature of realistic datasets, which make models challenging to train.
Considering this, we applied a novel semi-supervised EC-GAN method for network flow classifi- cation of CIC-IDS-2017 dataset. EC-GAN uses synthetic data to aid the training of a supervised classifier on low-sample data. To achieve this, we modified the original EC-GAN to work with tabular data. In our approach, WCGAN-GP is used for synthetic tabular data generation, while a simple deep neural network is used for classification. The conditional nature of WCGAN-GP diminishes the class imbalance problem, while GAN itself solves the low-sample problem. This approach was successful in generating believable synthetic data, which was consequently used for training and testing the EC-GAN.
To obtain our results, we trained a classifier on progressively smaller versions of the CIC-DIS-2017 dataset, first via a novel EC-GAN method and then in the conventional way, without the help of synthetic data. We then compared these two sets of results with another author's results using accuracy, false positive rate, detection rate and macro F1 score as metrics. Our results showed that supervised classifier trained with EC-GAN can achieve significant results even when trained on as little as 25% of the original imbalanced dataset.</description><subject>Analysis</subject><subject>Artificial neural networks</subject><subject>Classification</subject><subject>Classifiers</subject><subject>cybersecurity</subject><subject>Datasets</subject><subject>Detectors</subject><subject>GAN</subject><subject>Liquors</subject><subject>Machine learning</subject><subject>Methods</subject><subject>network security</subject><subject>Neural networks</subject><subject>NIDS</subject><subject>synthe</subject><subject>Synthetic data</subject><subject>Tables (data)</subject><subject>Training</subject><issn>0948-695X</issn><issn>0948-6968</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><sourceid>DOA</sourceid><recordid>eNo9UU1LAzEQXUTBWr34Cxa8CVsn-5GPY6m1Fko9qOAtzGaTNqXd1GSL-O9Nu1LmMDOPN28evCS5JzAquGBPm4MKI14xKC6SAYiSZ1RQfnmeq6_r5CaEDUBOqeCDRCzcTxZwt9_qVG0xBGusws66NrVtupw_v6eHYNtV2q11Op1ks_Ey3elu7Zrb5MrgNui7_z5MPl-mH5PXbPE2m0_Gi0yVAF2mDCVMKWGoqusGUSDWjEAuSmWwjmtT5Ag6B1Caci6gYgJzbKiJbhnyYpjMe93G4Ubuvd2h_5UOrTwBzq8k-s6qrZZYKcINiLykUMa_tahrVtGcV4RRFBC1HnqtvXffBx06uXEH30b7MucFcEFYJSJr1LNWGEVta1znUcVq9M4q12pjIz5mjFFGipLEg8f-QHkXgtfmbJOAPOYij7nIUy7FHyNJfjU</recordid><startdate>20220101</startdate><enddate>20220101</enddate><creator>Zekan, Marko</creator><creator>Tomičić, Igor</creator><creator>Schatten, Markus</creator><general>Pensoft Publishers</general><general>Graz University of Technology</general><scope>AAYXX</scope><scope>CITATION</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0002-8626-9507</orcidid><orcidid>https://orcid.org/0000-0001-6910-8675</orcidid></search><sort><creationdate>20220101</creationdate><title>Low-sample classification in NIDS using the EC-GAN method</title><author>Zekan, Marko ; Tomičić, Igor ; Schatten, Markus</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c400t-cf617cc9f6cbbdaa9aab710294cfaba9ad32a0e200ce68890579a2ad6f6957a83</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Analysis</topic><topic>Artificial neural networks</topic><topic>Classification</topic><topic>Classifiers</topic><topic>cybersecurity</topic><topic>Datasets</topic><topic>Detectors</topic><topic>GAN</topic><topic>Liquors</topic><topic>Machine learning</topic><topic>Methods</topic><topic>network security</topic><topic>Neural networks</topic><topic>NIDS</topic><topic>synthe</topic><topic>Synthetic data</topic><topic>Tables (data)</topic><topic>Training</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Zekan, Marko</creatorcontrib><creatorcontrib>Tomičić, Igor</creatorcontrib><creatorcontrib>Schatten, Markus</creatorcontrib><collection>CrossRef</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer science database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest - Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>J.UCS (Annual print and CD-ROM archive ed.)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Zekan, Marko</au><au>Tomičić, Igor</au><au>Schatten, Markus</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Low-sample classification in NIDS using the EC-GAN method</atitle><jtitle>J.UCS (Annual print and CD-ROM archive ed.)</jtitle><date>2022-01-01</date><risdate>2022</risdate><volume>28</volume><issue>12</issue><spage>1330</spage><epage>1346</epage><pages>1330-1346</pages><issn>0948-695X</issn><eissn>0948-6968</eissn><abstract>Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems remains a concern. This is mostly because of the low-sample, imbalanced nature of realistic datasets, which make models challenging to train.
Considering this, we applied a novel semi-supervised EC-GAN method for network flow classifi- cation of CIC-IDS-2017 dataset. EC-GAN uses synthetic data to aid the training of a supervised classifier on low-sample data. To achieve this, we modified the original EC-GAN to work with tabular data. In our approach, WCGAN-GP is used for synthetic tabular data generation, while a simple deep neural network is used for classification. The conditional nature of WCGAN-GP diminishes the class imbalance problem, while GAN itself solves the low-sample problem. This approach was successful in generating believable synthetic data, which was consequently used for training and testing the EC-GAN.
To obtain our results, we trained a classifier on progressively smaller versions of the CIC-DIS-2017 dataset, first via a novel EC-GAN method and then in the conventional way, without the help of synthetic data. We then compared these two sets of results with another author's results using accuracy, false positive rate, detection rate and macro F1 score as metrics. Our results showed that supervised classifier trained with EC-GAN can achieve significant results even when trained on as little as 25% of the original imbalanced dataset.</abstract><cop>Bristol</cop><pub>Pensoft Publishers</pub><doi>10.3897/jucs.85703</doi><tpages>17</tpages><orcidid>https://orcid.org/0000-0002-8626-9507</orcidid><orcidid>https://orcid.org/0000-0001-6910-8675</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0948-695X |
| ispartof | J.UCS (Annual print and CD-ROM archive ed.), 2022-01, Vol.28 (12), p.1330-1346 |
| issn | 0948-695X 0948-6968 |
| language | eng |
| recordid | cdi_proquest_journals_2830891759 |
| source | ProQuest - Publicly Available Content Database; EZB Electronic Journals Library |
| subjects | Analysis Artificial neural networks Classification Classifiers cybersecurity Datasets Detectors GAN Liquors Machine learning Methods network security Neural networks NIDS synthe Synthetic data Tables (data) Training |
| title | Low-sample classification in NIDS using the EC-GAN method |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T08%3A39%3A39IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale_doaj_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Low-sample%20classification%20in%20NIDS%20using%20the%20EC-GAN%20method&rft.jtitle=J.UCS%20(Annual%20print%20and%20CD-ROM%20archive%20ed.)&rft.au=Zekan,%20Marko&rft.date=2022-01-01&rft.volume=28&rft.issue=12&rft.spage=1330&rft.epage=1346&rft.pages=1330-1346&rft.issn=0948-695X&rft.eissn=0948-6968&rft_id=info:doi/10.3897/jucs.85703&rft_dat=%3Cgale_doaj_%3EA777671341%3C/gale_doaj_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c400t-cf617cc9f6cbbdaa9aab710294cfaba9ad32a0e200ce68890579a2ad6f6957a83%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2830891759&rft_id=info:pmid/&rft_galeid=A777671341&rfr_iscdi=true |