Visible to the public Security-Alert Screening with Oversampling Based on Conditional Generative Adversarial Networks

Submitted by grigby1 on Thu, 08/03/2023 - 2:11pm
TitleSecurity-Alert Screening with Oversampling Based on Conditional Generative Adversarial Networks
Publication TypeConference Paper
Year of Publication2022
AuthorsNdichu, Samuel, Ban, Tao, Takahashi, Takeshi, Inoue, Daisuke
Conference Name2022 17th Asia Joint Conference on Information Security (AsiaJCIS)
Date Publishedjul
KeywordsBuildings, conditional generative adversarial networks, Data models, Deep Learning, Generative Adversarial Learning, generative adversarial networks, Metrics, network intrusion detection, Oversampling, pubcrawl, resilience, Resiliency, Scalability, Security alert screening, skewed class distribution, Synthesizers, Training
AbstractImbalanced class distribution can cause information loss and missed/false alarms for deep learning and machine-learning algorithms. The detection performance of traditional intrusion detection systems tend to degenerate due to skewed class distribution caused by the uneven allocation of observations in different kinds of attacks. To combat class imbalance and improve network intrusion detection performance, we adopt the conditional generative adversarial network (CTGAN) that enables the generation of samples of specific classes of interest. CTGAN builds on the generative adversarial networks (GAN) architecture to model tabular data and generate high quality synthetic data by conditionally sampling rows from the generated model. Oversampling using CTGAN adds instances to the minority class such that both data in the majority and the minority class are of equal distribution. The generated security alerts are used for training classifiers that realize critical alert detection. The proposed scheme is evaluated on a real-world dataset collected from security operation center of a large enterprise. The experiment results show that detection accuracy can be substantially improved when CTGAN is adopted to produce a balanced security-alert dataset. We believe the proposed CTGAN-based approach can cast new light on building effective systems for critical alert detection with reduced missed/false alarms.
NotesISSN: 2765-9712
DOI10.1109/AsiaJCIS57030.2022.00011
Citation Keyndichu_security-alert_2022
Groups: