On the Veracity of Cyber Intrusion Alerts Synthesized by Generative Adversarial Networks

by Christopher Sweet, et al.

Recreating cyber-attack alert data with a high level of fidelity is challenging due to the intricate interaction between features, non-homogeneity of alerts, and potential for rare yet critical samples. Generative Adversarial Networks (GANs) have been shown to effectively learn complex data distributions with the intent of creating increasingly realistic data. This paper presents the application of GANs to cyber-attack alert data and shows that GANs not only successfully learn to generate realistic alerts, but also reveal feature dependencies within alerts. This is accomplished by reviewing the intersection of histograms for varying alert-feature combinations between the ground truth and generated datasets. Traditional statistical metrics, such as conditional and joint entropy, are also employed to verify the accuracy of these dependencies. Finally, it is shown that a Mutual Information constraint on the network can be used to increase the generation of low-probability, critical alert values. By mapping alerts to a set of attack stages, it is shown that the output of these low-probability alerts has a direct contextual meaning for Cyber Security analysts. Overall, this work provides the basis for generating new cyber intrusion alerts and provides evidence that synthesized alerts emulate critical dependencies from the source dataset.
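
An added illustration (not code from the paper) of the evaluation idea described above: histogram intersection over alert-feature combinations, plus conditional entropy, computed on constructed alerts. The intersection definition (sum of bin-wise minima of normalized histograms), the field names, and the sample alerts are assumptions made for this example.

```python
from collections import Counter
from itertools import combinations
from math import log2

# Constructed alerts (signature, dest_port); not taken from the paper's dataset.
# In REAL the port is fully determined by the signature.
REAL = [("scan", 22)] * 4 + [("brute", 22)] * 2 + [("exfil", 443)] * 2
# SYNTH matches both marginals exactly but breaks the signature/port dependency.
SYNTH = ([("scan", 22)] * 3 + [("scan", 443)] + [("brute", 22)] * 2
         + [("exfil", 22)] + [("exfil", 443)])

def histogram(alerts, idx):
    """Normalized histogram over the joint values of the feature indices in idx."""
    counts = Counter(tuple(a[i] for i in idx) for a in alerts)
    return {k: c / len(alerts) for k, c in counts.items()}

def intersection(real, synth, idx):
    """Histogram intersection in [0, 1]; 1.0 means identical distributions."""
    p, q = histogram(real, idx), histogram(synth, idx)
    return sum(min(p[k], q.get(k, 0.0)) for k in p)

def entropy(alerts, idx):
    """Shannon (joint) entropy in bits of the features in idx."""
    return -sum(p * log2(p) for p in histogram(alerts, idx).values())

def conditional_entropy(alerts, target, given):
    """H(target | given) = H(given, target) - H(given)."""
    return entropy(alerts, given + target) - entropy(alerts, given)

def fidelity_report(real, synth, n_fields, max_order=2):
    """Intersection score for every feature combination up to max_order."""
    return {idx: intersection(real, synth, idx)
            for r in range(1, max_order + 1)
            for idx in combinations(range(n_fields), r)}

if __name__ == "__main__":
    for idx, score in fidelity_report(REAL, SYNTH, n_fields=2).items():
        print(f"features {idx}: intersection = {score:.3f}")
    for name, data in (("real", REAL), ("synth", SYNTH)):
        h = conditional_entropy(data, target=(1,), given=(0,))
        print(f"H(dest_port | signature) [{name}] = {h:.3f} bits")
```

Single-feature intersections alone would rate this synthetic set as perfect; only the joint histogram and the conditional entropy expose that the signature-to-port dependency was not reproduced.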

