关键词: 深度学习, 生成对抗网络, 异常检测, 栈式自编码器

Abstract: In recent years, the rapid development of technologies in the field of machine learning (ML) and deep learning (DL) has led to increasing research on their application in intrusion detection systems (IDS). However, current datasets in the field of intrusion detection face issues such as feature redundancy and an imbalance in the number of samples across different attack categories. To solve these problems, a network anomaly detecting method based on stacked autoencoder (SAE) and Wasserstein generative adversarial network (WGAN) is proposed. Firstly, to address the problem of feature redundancy, this paper employs the encoding-hidden layer-decoding concept of SAEs for data dimensionality reduction. This approach refines various features and extracts lower-dimensional features that are more suitable for classification. Secondly, to tackle the issue of sample imbalance (limited data volume and diversity), the processed data is used as input for the generator in the WGAN model. The generative capabilities of the generative adversarial network are utilized for sample augmentation, thereby compensating for the lack of certain types of samples during the training of the classification model. Finally, the random forest (RF) classification model is used for detection. Experimental results on NSL-KDD dataset show that SAE-WGAN-RF model which based on  the proposed method achieves an F1-Score of 95.58%, Recall of 96.54%, and Precision of 96.03%, representing significant improvements compared to common classical algorithms.

Key words: deep learning, generative adversarial networks, anomaly detection, stack autoencoder