Network Intrusion Detection Based on Dual-Encoder Generative Adversarial Network

Abstract:
Accurate network intrusion detection is critical in network security protection and network running properly. Considering the important influence of the imbalance in the number of normal samples and intrusion samples in real networks and the excellent performance of Generative Adversarial Networks (GANs) in the field of anomaly detection, this paper proposes Dual-Encoding Generative Adversarial Network (DE-GAN), which only use normal data for training. In this model, an encoder is added before and after the generator. The former encoder inputs real samples and learns its features through stacked convolutional layers, and then the generator reconstructs the feature vectors into fake samples; the latter encoder learns the fake samples feature. Finally, real samples and fake samples are fed to the discriminator to distinguish and score them. During training, on the one hand, the feature learning and data generation capabilities are improved by reducing the feature difference between the outputs of the two encoders and reducing the reconstruction difference between the data before and after reconstruction; and on the other hand, the discriminative ability is improved by reducing the score difference between real samples and fake samples. During testing, the feature difference, reconstruction difference and score difference are summed to detect network intrusion data based on the size of the sum. A case study based on the KDD99 dataset shows that this model can improve the accuracy of network intrusion. Comparisons with commonly used traditional machine learning and deep learning models show that the proposed model outperforms these network intrusion detection methods in terms of accuracy rate, detection rate, and false positive rate.