Paper title
FGAN: Federated Generative Adversarial Networks for Anomaly Detection in Network Traffic
Paper authors
Paper abstract
Over the last two decades, a lot of work has been done in improving network security, particularly in intrusion detection systems (IDS) and anomaly detection. Machine learning solutions have also been employed in IDSs to detect known and plausible attacks in incoming traffic. Parameters such as packet contents, sender IP and sender port, connection duration, etc. have been previously used to train these machine learning models to learn to differentiate genuine traffic from malicious traffic. Generative Adversarial Networks (GANs) have been significantly successful in detecting such anomalies, mostly attributed to the adversarial training of the generator and discriminator in an attempt to bypass each other and in turn increase their own power and accuracy. However, in large networks having a wide variety of traffic at possibly different regions of the network and susceptible to a large number of potential attacks, training these GANs for a particular kind of anomaly may make it oblivious to other anomalies and attacks. In addition, the dataset required to train these models has to be made centrally available and publicly accessible, posing the obvious question of privacy of the communications of the respective participants of the network. The solution proposed in this work aims at tackling the above two issues by using GANs in a federated architecture in networks of such scale and capacity. In such a setting, different users of the network will be able to train and customize a centrally available adversarial model according to their own frequently faced conditions. Simultaneously, the member users of the network will also be able to gain from the experiences of the other users in the network.