On the combination of data augmentation method and gated convolution model for building effective and robust intrusion detection

• Published in: Cybersecurity (Singapore) Vol. 3; no. 1; pp. 1 - 12
• Main Authors: Wang, Yixiang, lv, Shaohua, Liu, Jiqiang, Chang, Xiaolin, Wang, Jinqiang
• Format: Journal Article
• Language: English
• Published: Singapore Springer Singapore 15.12.2020; Springer Nature B.V; SpringerOpen
• Subjects: AI and Security; Algorithms; Artificial neural networks; Computer Science; Convolution; Data augmentation; Intrusion; Intrusion detection system; Machine learning; Machine learning algorithms; Robustness; Sequences; System call; Training; Data augmentation; Machine learning algorithms; Intrusion detection system; System call
• ISSN: 2523-3246; 2523-3246
• DOI: 10.1186/s42400-020-00063-5

Deep learning (DL) has exhibited its exceptional performance in fields like intrusion detection. Various augmentation methods have been proposed to improve data quality and eventually to enhance the performance of DL models. However, the classic augmentation methods cannot be applied to those DL models which exploit the system-call sequences to detect intrusion. Previously, the seq2seq model has been explored to augment system-call sequences. Following this work, we propose a gated convolutional neural network (GCNN) model to thoroughly extract the potential information of augmented sequences. Also, in order to enhance the model’s robustness, we adopt adversarial training to reduce the impact of adversarial examples on the model. Adversarial examples used in adversarial training are generated by the proposed adversarial sequence generation algorithm. The experimental results on different verified models show that GCNN model can better obtain the potential information of the augmented data and achieve the best performance. Furthermore, GCNN with adversarial training can enhance robustness significantly.