An Effective Network Intrusion Detection Model for Coarse-to-Fine Attack Classification of Imbalanced Network Traffic

Abstract

In the present day, cyber security is facing numerous attacks that are causing substantial damage to users. Recent intrusion detection systems are employing advanced methods like deep learning to create effective and efficient intrusion detection systems in order to address these new and intricate attacks. Even the recent benchmark datasets are facing the trouble of detection and prediction of minority attack classes leading the way to missed and false alarms extensively. Hence, these detection systems are biased toward coarse attack classes (majority classes) over fine classes (minority classes). This problem is referred to as Coarse to Fine-Attack Classification (C-FAC). To overcome this challenge and boost the multi-attack classification, a novel approach has been proposed which takes the advantage of ensemble model in phase 1 and Generative Adversarial Networks (GAN) in phase 2. We used classical machine learning and deep learning classification models: Extreme Gradient Boosting (XGBoost), Decision Tress (DT), and Deep Neural Networks (DNN). GAN is cast as an over-sampling method in this model which enhances the classification accuracy of attacks. The effectiveness of our proposed model was evaluated using the two benchmark datasets for intrusions, namely NSL-KDD and CSE-CICIDS2018. Based on the experimental results, it was found that our method improved the detection performance and even reduced the false alarm rate of the deep learning network intrusion detection model significantly