Title | Security-Alert Screening with Oversampling Based on Conditional Generative Adversarial Networks |
Publication Type | Conference Paper |
Year of Publication | 2022 |
Authors | Ndichu, Samuel, Ban, Tao, Takahashi, Takeshi, Inoue, Daisuke |
Conference Name | 2022 17th Asia Joint Conference on Information Security (AsiaJCIS) |
Date Published | July |
Keywords | Buildings, conditional generative adversarial networks, Data models, Deep Learning, Generative Adversarial Learning, generative adversarial networks, Metrics, network intrusion detection, Oversampling, pubcrawl, resilience, Resiliency, Scalability, Security alert screening, skewed class distribution, Synthesizers, Training |
Abstract | Imbalanced class distribution can cause information loss and missed/false alarms for deep learning and machine-learning algorithms. The detection performance of traditional intrusion detection systems tends to degenerate due to the skewed class distribution caused by the uneven allocation of observations across different kinds of attacks. To combat class imbalance and improve network intrusion detection performance, we adopt the conditional generative adversarial network (CTGAN), which enables the generation of samples of specific classes of interest. CTGAN builds on the generative adversarial network (GAN) architecture to model tabular data and generate high-quality synthetic data by conditionally sampling rows from the generated model. Oversampling using CTGAN adds instances to the minority class so that the majority and minority classes have an equal distribution. The generated security alerts are used for training classifiers that realize critical alert detection. The proposed scheme is evaluated on a real-world dataset collected from the security operation center of a large enterprise. The experimental results show that detection accuracy can be substantially improved when CTGAN is adopted to produce a balanced security-alert dataset. We believe the proposed CTGAN-based approach can cast new light on building effective systems for critical alert detection with reduced missed/false alarms. |
Notes | ISSN: 2765-9712 |
DOI | 10.1109/AsiaJCIS57030.2022.00011 |
Citation Key | ndichu_security-alert_2022 |