This is the fifth and final blog post of our series "Empowering Intrusion Detection Systems with Machine Learning", in which we discuss the use of machine learning in intrusion detection systems (IDSs). In the previous posts, we discussed the differences between signature-based and anomaly-based intrusion detection, and three unsupervised techniques for detecting intrusions: clustering, one-class novelty detection, and autoencoders. Now, we present a fourth technique, namely generative adversarial networks (GANs), and explain how it can be used to detect malicious activities in anomaly-based IDSs.

Rather than being a single neural network, GANs are a framework that consists of two neural networks: a generator and a discriminator. These networks have different goals and compete with each other in an adversarial training process, so that when one of them gets better the other must improve to keep up. They are like two chess players: when one of them starts winning, the other trains a bit harder to reverse the score. As a result, both players end up improving their performance and achieving better results.

That idea, and the concept of GANs, were originally developed in for creating fake images. The authors of designed a generator neural network that was capable of generating fake images that looked like real ones from random vectors. Their proposed discriminator, on the other hand, had the task of distinguishing between images that were real and those that were created by the generator. Thus, given a set of cat images, for example, the generator starts understanding how those images look and how to produce new cat images, whereas the discriminator learns how to distinguish between real and fake cat images. If the discriminator starts to get it right most of the time, the generator makes an extra effort by adjusting its weights a bit more so that it creates better cat images that the discriminator cannot recognize. Then, it is the discriminator that makes an extra effort to be able to distinguish between real and fake cat images again. That process goes on until both the generator and the discriminator stabilize. Figure 1 shows the GAN training framework for a set of handwritten digit images.

Figure 1. GAN framework (obtained from )

Figure 2 shows handwritten digits created by a GAN generator after training in its first five columns and real handwritten digits in its last column.

Figure 2. Real (last column) and fake handwritten digits produced by a GAN generator (obtained from )

Although generating handwritten digits or cat images may seem silly, GANs are an extremely sophisticated and powerful structure. The GAN generator implicitly models the system, i.e., it implicitly learns what patterns are present in a given set of data, which allows more powerful applications. For instance, Figure 3 shows a zebra that was generated from a horse using GANs.

Figure 3. Zebra generated from a horse using GANs (obtained from )

Detecting Intrusions with GANs

Although GANs were first applied to images, they can be used to identify patterns in any type of data, such as network flows, Windows event logs, and even measurements from sensors in a factory. But how can such a GAN be used to detect intrusions? If a GAN is trained using only benign data from networks and systems, the GAN generator will learn how those data behave and how to produce data similar to them. The discriminator, on the other hand, will learn how to distinguish between benign data and fake data produced by the generator. Wait a minute! If the discriminator distinguishes between real and fake benign data, it identifies anomalies and malicious samples even if they are similar to the benign data. Hence, the GAN discriminator can be used to detect intrusions. After training, the discriminator receives data samples and outputs a discrimination loss that corresponds to a probability or a score that indicates how likely it is that the data represents an anomaly.

Moreover, recent works have shown that the GAN generator can also contribute to the detection of anomalies through the computation of a reconstruction error, which is then combined with the discrimination loss. The reconstruction loss corresponds to the residual error between the data sample under evaluation and its reconstructed version obtained from the GAN generator. Therefore, a GAN-based IDS may decide whether a sample under evaluation is an anomaly by combining both the discrimination and reconstruction losses into a single anomaly detection score, so that samples with large anomaly detection scores are considered potentially malicious. The work in adopted that approach and proposed FID-GAN, a GAN-based IDS for detecting cyber-attacks in a water treatment plant.
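The scoring step this post describes, combining the discrimination loss and the reconstruction loss into one anomaly detection score, is sketched below as an added example; it is not code from the post or from FID-GAN. The trained generator and discriminator are replaced by hand-written stand-ins, and the weighting, the threshold rule and all sample readings are constructed assumptions.

```python
import math

# Stand-ins (assumptions) for networks trained on benign data only: benign
# readings lie near the line x2 = 2*x1, around the centre (0.5, 1.0).
def generator(z):
    """Hypothetical trained generator: latent scalar -> two sensor readings."""
    return (z, 2.0 * z)

def invert(x):
    """Latent z whose generated sample is closest to x (closed form for this
    stand-in; a real system would use an encoder or a search)."""
    return (x[0] + 2.0 * x[1]) / 5.0

def discriminator(x):
    """Hypothetical trained discriminator: probability that x is benign."""
    return 1.0 / (1.0 + math.exp(4.0 * (math.dist(x, (0.5, 1.0)) - 1.5)))

def losses(x):
    """Return (discrimination_loss, reconstruction_loss) for one sample."""
    disc_loss = 1.0 - discriminator(x)
    rec_loss = math.dist(x, generator(invert(x)))  # residual error
    return disc_loss, rec_loss

def anomaly_score(x, weight=0.5):
    """Weighted sum of both losses; weight is an assumed tuning parameter."""
    disc_loss, rec_loss = losses(x)
    return weight * disc_loss + (1.0 - weight) * rec_loss

def calibrate(benign, weight=0.5):
    """Assumed threshold rule: highest score seen on held-out benign samples."""
    return max(anomaly_score(x, weight) for x in benign)

def detect(samples, threshold, weight=0.5):
    """True for every sample whose score exceeds the threshold."""
    return [anomaly_score(x, weight) > threshold for x in samples]

# Constructed data, not taken from the post.
BENIGN = [(0.1, 0.22), (0.4, 0.79), (0.6, 1.21), (0.9, 1.78)]
OFF_PATTERN = (0.5, 0.2)   # inside the benign range, breaks the x2 = 2*x1 relation
OUT_OF_RANGE = (3.0, 6.0)  # keeps the relation, far outside the benign range

if __name__ == "__main__":
    t = calibrate(BENIGN)
    for name, x in [("off-pattern", OFF_PATTERN), ("out-of-range", OUT_OF_RANGE)]:
        d, r = losses(x)
        print(f"{name}: disc={d:.3f} rec={r:.3f} "
              f"score={anomaly_score(x):.3f} flagged={anomaly_score(x) > t}")
```

With these stand-ins, the off-pattern sample is flagged because of its reconstruction loss and the out-of-range sample because of its discrimination loss, so each loss catches a case the other one misses.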