1 GAN
-
What is GAN?
GAN = Generative Adversarial Network -
A GAN architecture
Generative Adversarial Network is a relatively new class of artificial neural networks, which consists of a combination of two neural networks.
-
Discriminator :Take samples of true data and generated data and try to classify them as well as possible
-
Generator :Trained to fool the discriminator as much as possible
3.The training process
-
Discriminator :the goal of the generator is to fool the discriminator, so the generative neural network is trained to maximize the final classification error
-
Generator :the goal of the discriminator is to detect fake generated data, so the discriminative neural network is trained to minimize the final classification error
At each iteration of the training process, the weights of the generative network are updated in order to increase the classification error (error gradient ascent) while the weights of the discriminative network are updated to decrease this error(error gradient descent)
4.matiematical detail about GAN
- If send to the discriminator "true" and "generated" data in the same proportions, the error function can be expressed as:
$$
E(G,D)=E_{x\sim p_{data}}\lbrack1-D(x)\rbrack+E_{x\sim p_G}\lbrack D(x)\rbrack
$$
- As for generator, its loss function can be expressed as:
$$
\underset G{max}(\underset D{min};E(G,D))
$$
2 Related work
Evaluation Of GAN Applicability for Intrusion Detection in Self-Organizing Networks of Cyber-Physical Systems
-
Proposes a new approach for intrusion detection that uses GAN for the large-scale networks of a connected cyber-physical system.
-
GAN can solve is the generation of additional anomalous samples to improve the quality and plenty of the marked dataset. Since neural data prevail in m2m2 traffic, the problem of data class imbalance arises. The dimension of the neutral class is much larger than the amount of anomalous data. The BIGAN (adversarial autoencoder) is proposed to solve this problem.
-
Experiment: To model the GAN, the dataset whose size is 2000 is used. Each record contains nine parameters.
- The GAN can be applied to search for security anomalies and cyber threats, as well as to generate additional anomalies to improve the quality of the marked data samples.
Bringing a GAN to a Knife-fight: Adapting MalwareCommunication to Avoid Detection
-
In this paper, GAN is proposed to learn to imitate traffic. Based on input parameters from the GAN, the real malware modifies its behavior in order to mimic normal traffic. The author also uses the Stratosphere IPS to block the malware, using the feedback to adapt the weights of the intrusion detection system.
-
The GAN is implemented independently and communicates with the malware through a web service. The malware gets the parameter and modifies its traffic in real-time. The IPS system block all traffic that does not like a normal chat.
- The table shows that as the number of training epochs increased, blocking action go to zero
- This work shows it is possible to improve the chances of the malware not being blocked by mimicking traffic. Moreover, it is shown that a small amount of data for training the GAN is enough.
Generative Adversarial Networks for DistributedIntrusion Detection in the Internet of Things
- This paper is to propose a distributed generative adversarial network (GAN) architecture that can be used as an IDS for IoT systems.
GIDS: GAN based Intrusion Detection System for In-Vehicle Network
- This paper proposes an IDS model based on GAN for in-vehicle.
