DRL-GAN: A Hybrid Approach for Binary and Multiclass Network Intrusion Detection
This work addresses a specific challenge in network security for detecting rare attacks, presenting an incremental improvement over existing machine learning-based methods.
The paper tackles the problem of detecting uncommon network attack types in intrusion detection systems by proposing a hybrid approach using GAN-generated synthetic data to train a DRL model, resulting in improved classification of minority classes compared to training on imbalanced real data.
Our increasingly connected world continues to face an ever-growing amount of network-based attacks. Intrusion detection systems (IDS) are an essential security technology for detecting these attacks. Although numerous machine learning-based IDS have been proposed for the detection of malicious network traffic, the majority have difficulty properly detecting and classifying the more uncommon attack types. In this paper, we implement a novel hybrid technique using synthetic data produced by a Generative Adversarial Network (GAN) to use as input for training a Deep Reinforcement Learning (DRL) model. Our GAN model is trained with the NSL-KDD dataset for four attack categories as well as normal network flow. Ultimately, our findings demonstrate that training the DRL on specific synthetic datasets can result in better performance in correctly classifying minority classes over training on the true imbalanced dataset.