GANAD: A GAN-based method for network anomaly detection

World Wide Web

Abstract

Cyber-intrusion always leads to severe threats to the network, such as system paralysis, information leakage, and economic losses. To protect network security, anomaly detection methods based on generative adversarial networks (GAN) have been proposed to hinder cyber-intrusion. However, existing GAN-based anomaly score methods are built upon a generator network designed for data synthesis, which yields unappealing performance on the anomaly detection task. Their inefficient and unstable performance therefore leaves detection tasks quite challenging. To cope with these issues, we propose GANAD, a novel GAN-based approach that is specifically designed for anomaly identification rather than data synthesis. Specifically, it first proposes an auto-encoder-like architecture, which compensates for the time-consuming traditional generator loss computation. To stabilize training, the proposed discriminator training replaces JS divergence with Wasserstein distance plus a gradient penalty. Then, it utilizes a new training strategy to better learn the minority abnormal distribution from normal data, which contributes to detection precision. Our approach can therefore ensure detection performance and overcome the instability of GAN training. Experimental results demonstrate that our approach achieves superior performance to state-of-the-art methods while reducing time consumption.

Availability of data and material

The data used to support the findings of this study are available from the corresponding author upon request.

Notes

  1. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

  2. http://205.174.165.80/CICDataset/NSL-KDD/

  3. https://research.unsw.edu.au/projects/unsw-nb15-dataset

Acknowledgements

This work was supported by the National Key Research and Development Program of China (No.2020YFB1805400) and the National Natural Science Foundation of China (61876134).

Author information

Contributions

Jie Fu wrote the main manuscript text; Jianpeng Ke and Kang Yang investigated the manuscript. Lina Wang and Rongwei Yu supervised the manuscript. All authors reviewed the manuscript.

Corresponding author

Correspondence to Lina Wang.

Ethics declarations

Ethical Approval

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Conflicts of interest

The authors declare that there is no competing interest regarding the publication of this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article belongs to the Topical Collection: Special Issue on Privacy and Security in Machine Learning

Guest Editors: ** Li, Francesco Palmieri and Changyu Dong.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Fu, J., Wang, L., Ke, J. et al. GANAD: A GAN-based method for network anomaly detection. World Wide Web 26, 2727–2748 (2023). https://doi.org/10.1007/s11280-023-01160-4

  • DOI: https://doi.org/10.1007/s11280-023-01160-4
