Research On Network Intrusion Detection Based On Generative Adversarial Networks

At present,intrusion detection research based on deep learning is focused on discriminative models.Generative models are rarely used as intrusion detection models,even if some papers use the generation model,they are just based on the abnormal data in the data set to generate "fake data" that is sufficiently similar to the abnormal data to expand the number of abnormal data,and then put the expanded abnormal data and normal data into the discriminant model for classification,which essentially uses the discriminant model for anomaly detection.As long as the discriminative model is used,it is inseparable from the labeled data set.It is necessary to clearly know which data is abnormal data and which data is normal data.However,in the real network environment,the number of visits by normal users is far more than intrusions.Normal data is easier to obtain,while abnormal data is relatively difficult to obtain.Aiming at the problem that abnormal data is difficult to gain,this paper has designed an intrusion detection model based on deep convolution generative adversarial networks named DCGAN-IDM.In the training phase,only normal data is used to train the model,so that the model can only learn the feature distribution of normal data.In the testing phase,the "fake data" generated after the normal data passes the model has a small difference from the input data(ie normal data),while the "fake data" generated after the abnormal data passes the model has a large deviation from the input data(ie abnormal data),therefore,the abnormal data can be found by comparing the gap between the generated data and the input data.The model in this paper improves the generator into an encoding-decoding structure.The encoder uses a convolution operation to extract the feature vector of the input data,and the decoder uses a deconvolution operation to "restore" the feature vector to generated data similar to the input data.The Euclidean distance between the input data and the generated data is used as the judgment basis.Once the distance is greater than the set threshold,the input data is considered abnormal data.After that,this paper improved DCGAN-IDM,and designed Dilated Convolution GAN-IDM,an intrusion detection model based on the dilated convolution generative adversarial networks.By introducing dilated convolution,the receptive field of the model is increased,and the feature vector extracted by the encoder is more biased toward the overall feature.And the distance between the feature vector of the input data and the feature vector of the generated data is used as a loss function and added to the model training to obtain a better model structure.This article is verified on the KDD99 data set.The experimental results show that the accuracy of DCGAN-IDM reaches 96.89%,the detection rate reaches 96.63%,and the false alarm rate is only 2.06%,which is better than some deep learning algorithms.Compared with DCGAN-IDM,Dilated Convolution GAN-IDM has improved accuracy and detection rate,reaching 97.58% and 97.45%,and the false alarm rate has also dropped to only 1.91%.The above experiments show that the intrusion detection model designed in this paper has certain reference significance for the research and development of this field.