Dual Generative Adversarial Networks Based Unknown Encryption Ransomware Attack Detection

Bibliographic Details
Main Authors: Xueqin Zhang, Jiyuan Wang, Shinan Zhu
Format: Article
Language: English
Published: IEEE 2022-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/9614187/
Description
Summary: Aiming at unknown or variant ransomware attacks encrypted with the SSL (Secure Sockets Layer)/TLS (Transport Layer Security) protocol, a detection framework named TGAN-IDS (Transferred Generating Adversarial Network-Intrusion Detection System) based on dual generative adversarial networks is presented in this paper. In this framework, DCGAN (Deep Convolutional Generative Adversarial Network) is adopted to train a generator which has good performance in generating adversarial samples, and it is transferred to the generator of TGAN. A pre-training model named PreD is built based on CNN (Convolutional Neural Network), which has good performance in binary classification, and it is transferred to the discriminator of TGAN. The generator and discriminator of TGAN play games in the training process until the discriminator has a strong ability to detect unknown attacks, and then it is output as an anomaly detector. In order to suppress the deterioration of normal sample detection ability during adversarial training of TGAN, a reconstruction loss function is introduced into the target function of TGAN. Experiments on a mixed dataset constructed from CICIDS2017 and other ransomware datasets show that, compared with other deep learning networks such as AlexNet, ResNet and DenseNet, TGAN-IDS performs well in indicators such as detection accuracy, recall or F1-score. Experiments on the KDD99, SWaT and WADI datasets also show that TGAN-IDS is suitable for detecting other unencrypted unknown network attacks.
ISSN: 2169-3536