Security Hardening of Botnet Detectors Using Generative Adversarial Networks

Randhawa, Rizwan Hamid; Aslam, Nauman; Alauthman, Mohammad; Rafiq, Husnain; Comeau, Frank

doi:10.1109/access.2021.3083421

Cited by 21 publications

(27 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authors in [23] compared 85 different oversampling techniques and suggested the three best-performing variants as SMOTE IPF, ProWSyn and polynom fit SMOTE. In [7], authors have compared the performance of these three SMOTE variants with GANs. Through empirical results, they found that GANs outperform the three mentioned oversamplers in most of the adversarial training of ML classifiers.…”

Section: B Data Oversampling and Gansmentioning

confidence: 99%

“…The quantitative analysis of EVAGAN was performed on CC datasets. We have followed the work done by the authors in [7] for dataset selection of botnet. We have used three datasets, ISCX-2014, CIC-2017 and CIC-2018, from the Canadian Institute of Cybersecurity (CIC).…”

Section: B Data Preparationmentioning

confidence: 99%

“…Second, the emulated attacks may not accurately represent a real attack scenario. A cost-effective way of gathering the attacks' data is synthetic generation using AI generative models [7].…”

Section: Introductionmentioning

confidence: 99%

“…Using generative adversarial networks (GANs) as synthetic oversamplers has been a voguish research endeavour for low data regimes [3], [8]. Various researchers have demonstrated that GANs are more effective as compared to other synthetic oversamplers like SMOTE [2], [7], [9], [10]. It is found in numerous studies that due to the adversarial factor, GANs can better estimate the target probability distribution [2], [9], [11].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Evasion Generative Adversarial Network for Low Data Regimes

Randhawa

Aslam

Alauthman

et al. 2023

IEEE Trans. Artif. Intell.

Self Cite

View full text Add to dashboard Cite

A myriad of recent literary works has leveraged generative adversarial networks (GANs) to generate unseen evasion samples. The purpose is to annex the generated data with the original train set for adversarial training to improve the detection performance of machine learning (ML) classifiers. The quality of generated adversarial samples relies on the adequacy of training data samples. However, in low data regimes like medical diagnostic imaging and cybersecurity, the anomaly samples are scarce in number. This paper proposes a novel GAN design called Evasion Generative Adversarial Network (EVAGAN) that is more suitable for low data regime problems that use oversampling for detection improvement of ML classifiers. EVAGAN not only can generate evasion samples, but its discriminator can act as an evasion-aware classifier. We have considered Auxiliary Classifier GAN (ACGAN) as a benchmark to evaluate the performance of EVAGAN on cybersecurity (ISCX-2014, CIC-2017 and CIC2018) botnet and computer vision (MNIST) datasets. We demonstrate that EVAGAN outperforms ACGAN for unbalanced datasets with respect to detection performance, training stability and time complexity. EVAGAN's generator quickly learns to generate the low sample class and hardens its discriminator simultaneously. In contrast to ML classifiers that require security hardening after being adversarially trained by GAN-generated data, EVAGAN renders it needless. The experimental analysis proves that EVA-GAN is an efficient evasion hardened model for low data regimes for the selected cybersecurity and computer vision datasets. Code will be available at HTTPS://www.github.com/rhr407/EVAGAN. Impact Statement-Artificial Intelligence (AI) applications can help improve the quality of human life. The use of AI is not only limited to medical anomaly detection and drug discovery but can be leveraged in computer networks to keep people safe from malicious activities on the Internet. However, the AI-based models can be biased towards the majority class of data on which they are trained due to data imbalance. Anomaly data samples are always scarce as compared to normal data samples. So this is an open research problem to solve. Our work is an effort to improve the AI-based methods in detection performance, stability and time complexity. Using the proposed technique, we can train our AI model using fewer anomaly samples, improving the costefficiency compared to state-of-the-art in anomaly detection.

show abstract

Section: B Data Oversampling and Gansmentioning

confidence: 99%

Section: B Data Preparationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Evasion Generative Adversarial Network for Low Data Regimes

Randhawa

Aslam

Alauthman

et al. 2023

IEEE Trans. Artif. Intell.

Self Cite

View full text Add to dashboard Cite

show abstract

“…It can be observed from this table that we used 'sigmoid' in the output layer of G due to the reason that we wanted to generate the API data in which the values need to be between 0 and 1. We propose a GAN based methodology inspired by [20] that could mimic and generate the API based APK feature set. We propose the GAN evaluation by tweaking the classifier twosample test (C2ST) [21] for G performance evaluation.…”

Section: Evasion Attacks Generatormentioning

confidence: 99%

The geomorphological distribution of subaqueous tufa columns in a hypersaline lake: Mono Lake, U.S.A.

Keevil

Rogerson

Parsons

et al. 2022

Journal of Sedimentary Research

View full text Add to dashboard Cite

Understanding the flow of carbon through hyperalkaline lakes is a key means of understanding their biogeochemistry, sedimentology, and their paleoenvironmental and paleoclimatic records. Furthermore, understanding how mineral precipitation is regulated in these lakes can provide insights into how their sequestration of carbon can be managed. We report geophysical surveys of Mono Lake, California, USA, which show unanticipated geomorphological control on the recent/contemporary formation of lacustrine carbonate formations (“tufa”). Acquired shallow-penetration seismic data show a fault zone below the lake floor, but despite the regional evidence for geothermal waters rising up these fractures, we find no evidence for tufa precipitation at the surface exposure of this structure, either in the seismic data or in the swath bathymetry. However, we do find sub-lacustrine tufa columns in these data elsewhere, which is the first time these have been reported directly. We find and report on a strong link between column location and meteoric Ca supply to the lake, with the latter sourced either through surface runoff or groundwater. For example, a region close to a creek inlet has more frequent and larger tufa bodies, which grow at a wider depth range than another region far from an inlet but close to the fault. This demonstrates the importance of meteoric water ingress in regulating carbonate mineral formation in these basins, and raises the possibility that management of water within the catchment could be a means to enhance carbon capture in natural and artificial hyperalkaline lakes.

show abstract

Effective Internet of Things botnet classification by data upsampling using generative adversarial network and scale fused bidirectional long short term memory attention model

Geetha

Brahmananda

2022

Concurrency and Computation

View full text Add to dashboard Cite

Internet of Things (IoT) botnet attacks are considered an important risk to information security. This work mainly focusing on botnet attack detection targeting various IoT devices. In this work, feature generation and classification are the two major processes considered for attack detection. Generative adversarial network (GAN) is applied for the feature generation process. GAN has generator and discriminator. Here effective generator network is introduced by applying added convolution layers with batch normalization and rectified linear unit activation function. In this proposed system, a novel network called the data perception network is proposed with scale fused architecture. The data perception network is developed to determine generator's efficiency in generating fake data similar to original data. This perception network is also considered for estimating loss function by analyzing in different scales. Hence, the major strength of this network is that highly reliable data are provided using the synthesized data. An efficient network architecture called scale fused bidirectional long short term memory attention model (SFBAM) is applied for the classification process. The proposed model is evaluated using the IoT-23 dataset, which can differentiate between benign and malicious data in IoT attacks. Compared to existing models, this proposed model provides effective results by improving accuracy and reducing loss.

show abstract

Security Hardening of Botnet Detectors Using Generative Adversarial Networks

Cited by 21 publications

References 41 publications

Evasion Generative Adversarial Network for Low Data Regimes

Evasion Generative Adversarial Network for Low Data Regimes

The geomorphological distribution of subaqueous tufa columns in a hypersaline lake: Mono Lake, U.S.A.

Effective Internet of Things botnet classification by data upsampling using generative adversarial network and scale fused bidirectional long short term memory attention model

Contact Info

Product

Resources

About