Flow-based data sets are necessary for evaluating network-based intrusion detection systems (NIDS). In this work, we propose a novel methodology for generating realistic flow-based network traffic. Our approach is based on Generative Adversarial Networks (GANs) which achieve good results for image generation. A major challenge lies in the fact that GANs can only process continuous attributes. However, flow-based data inevitably contain categorical attributes such as IP addresses or port numbers. Therefore, we propose three different preprocessing approaches for flow-based data in order to transform them into continuous values. Further, we present a new method for evaluating the generated flow-based network traffic which uses domain knowledge to define quality tests. We use the three approaches for generating flow-based network traffic based on the CIDDS-001 data set. Experiments indicate that two of the three approaches are able to generate high quality data.
Description
Flow-based network traffic generation using Generative Adversarial Networks - ScienceDirect
%0 Journal Article
%1 RING2019156
%A Ring, Markus
%A Schlör, Daniel
%A Landes, Dieter
%A Hotho, Andreas
%D 2019
%J Computers & Security
%K 2019 GAN app_security author:schloer csf data_generation flow from:hotho generation myown network research_imbalanced_data security selected traffic
%P 156 - 172
%R https://doi.org/10.1016/j.cose.2018.12.012
%T Flow-based network traffic generation using Generative Adversarial Networks
%U http://www.sciencedirect.com/science/article/pii/S0167404818308393
%V 82
%X Flow-based data sets are necessary for evaluating network-based intrusion detection systems (NIDS). In this work, we propose a novel methodology for generating realistic flow-based network traffic. Our approach is based on Generative Adversarial Networks (GANs) which achieve good results for image generation. A major challenge lies in the fact that GANs can only process continuous attributes. However, flow-based data inevitably contain categorical attributes such as IP addresses or port numbers. Therefore, we propose three different preprocessing approaches for flow-based data in order to transform them into continuous values. Further, we present a new method for evaluating the generated flow-based network traffic which uses domain knowledge to define quality tests. We use the three approaches for generating flow-based network traffic based on the CIDDS-001 data set. Experiments indicate that two of the three approaches are able to generate high quality data.
@article{RING2019156,
abstract = {Flow-based data sets are necessary for evaluating network-based intrusion detection systems (NIDS). In this work, we propose a novel methodology for generating realistic flow-based network traffic. Our approach is based on Generative Adversarial Networks (GANs) which achieve good results for image generation. A major challenge lies in the fact that GANs can only process continuous attributes. However, flow-based data inevitably contain categorical attributes such as IP addresses or port numbers. Therefore, we propose three different preprocessing approaches for flow-based data in order to transform them into continuous values. Further, we present a new method for evaluating the generated flow-based network traffic which uses domain knowledge to define quality tests. We use the three approaches for generating flow-based network traffic based on the CIDDS-001 data set. Experiments indicate that two of the three approaches are able to generate high quality data.},
added-at = {2019-07-01T03:10:06.000+0200},
author = {Ring, Markus and Schlör, Daniel and Landes, Dieter and Hotho, Andreas},
biburl = {https://www.bibsonomy.org/bibtex/2931a3b3d44733504dfd0b979d1047648/dmir},
description = {Flow-based network traffic generation using Generative Adversarial Networks - ScienceDirect},
doi = {https://doi.org/10.1016/j.cose.2018.12.012},
interhash = {2de722dd2eb9c824e36f9e3e1d84e648},
intrahash = {931a3b3d44733504dfd0b979d1047648},
issn = {0167-4048},
journal = {Computers & Security},
keywords = {2019 GAN app_security author:schloer csf data_generation flow from:hotho generation myown network research_imbalanced_data security selected traffic},
pages = {156 - 172},
timestamp = {2024-04-09T14:01:01.000+0200},
title = {Flow-based network traffic generation using Generative Adversarial Networks},
url = {http://www.sciencedirect.com/science/article/pii/S0167404818308393},
volume = 82,
year = 2019
}