Flow-based data sets are necessary for evaluating network-based intrusion de-
tection systems (NIDS). In this work, we propose a novel methodology for gener-
ating realistic flow-based network traffic. Our approach is based on Generative
Adversarial Networks (GANs) which achieve good results for image generation.
A major challenge lies in the fact that GANs can only process continuous at-
tributes. However, flow-based data inevitably contain categorical attributes
such as IP addresses or port numbers. Therefore, we propose three different
preprocessing approaches for flow-based data in order to transform them into
continuous values. Further, we present a new method for evaluating the gener-
ated flow-based network traffic which uses domain knowledge to define quality
tests. We use the three approaches for generating flow-based network traffic
based on the CIDDS-001 data set. Experiments indicate that two of the three
approaches are able to generate high quality data.
%0 Journal Article
%1 journals/corr/abs-1810-07795
%A Ring, Markus
%A Schlör, Daniel
%A Landes, Dieter
%A Hotho, Andreas
%D 2018
%J Computing Research Repository CoRR
%K mr
%T Flow-based Network Traffic Generation using Generative Adversarial Networks.
%U http://dblp.uni-trier.de/db/journals/corr/corr1810.html#abs-1810-07795
%V abs/1810.07795
%X Flow-based data sets are necessary for evaluating network-based intrusion de-
tection systems (NIDS). In this work, we propose a novel methodology for gener-
ating realistic flow-based network traffic. Our approach is based on Generative
Adversarial Networks (GANs) which achieve good results for image generation.
A major challenge lies in the fact that GANs can only process continuous at-
tributes. However, flow-based data inevitably contain categorical attributes
such as IP addresses or port numbers. Therefore, we propose three different
preprocessing approaches for flow-based data in order to transform them into
continuous values. Further, we present a new method for evaluating the gener-
ated flow-based network traffic which uses domain knowledge to define quality
tests. We use the three approaches for generating flow-based network traffic
based on the CIDDS-001 data set. Experiments indicate that two of the three
approaches are able to generate high quality data.
@article{journals/corr/abs-1810-07795,
abstract = {Flow-based data sets are necessary for evaluating network-based intrusion de-
tection systems (NIDS). In this work, we propose a novel methodology for gener-
ating realistic flow-based network traffic. Our approach is based on Generative
Adversarial Networks (GANs) which achieve good results for image generation.
A major challenge lies in the fact that GANs can only process continuous at-
tributes. However, flow-based data inevitably contain categorical attributes
such as IP addresses or port numbers. Therefore, we propose three different
preprocessing approaches for flow-based data in order to transform them into
continuous values. Further, we present a new method for evaluating the gener-
ated flow-based network traffic which uses domain knowledge to define quality
tests. We use the three approaches for generating flow-based network traffic
based on the CIDDS-001 data set. Experiments indicate that two of the three
approaches are able to generate high quality data.},
added-at = {2018-10-31T12:33:02.000+0100},
author = {Ring, Markus and Schlör, Daniel and Landes, Dieter and Hotho, Andreas},
biburl = {https://www.bibsonomy.org/bibtex/273b7ee2233d99ba750da03584453a3ed/baywiss1},
ee = {http://arxiv.org/abs/1810.07795},
interhash = {b362e4932b7a745d5a8dffc7ebdfb288},
intrahash = {73b7ee2233d99ba750da03584453a3ed},
journal = {Computing Research Repository CoRR},
keywords = {mr},
timestamp = {2019-03-13T12:39:26.000+0100},
title = {Flow-based Network Traffic Generation using Generative Adversarial Networks.},
url = {http://dblp.uni-trier.de/db/journals/corr/corr1810.html#abs-1810-07795},
volume = {abs/1810.07795},
year = 2018
}