Miyaji Laboratory

Computer security is extremely important now that a wide variety of information is exchanged via the Internet. However, cyber-attacks against computers through network intrusions are becoming more frequent and damaging. A network intrusion detection system (NIDS) is one of the methods to defend against these attacks. NIDS based on machine learning learns a dataset containing attack communication data, monitors the packet flow on the Internet, and detects intrusion. The machine learning-based NIDS using the CIC-IDS2017 dataset has the problem that the number of data for each type of attack in the dataset used for training is unbalanced, so the attack detection performance degrades for attacks with only a few data. To address this issue, Lee et al. proposed a oversampling method to increase the number of data using GANs for a small class of training data. However, their method is effective only for Bot, Infilteration, and Heartbleed attacks, and has not been validated for other attacks or other data sets. In this paper, the effectiveness of oversampling with GANs is verified for attacks and datasets for which Lee et al. have not yet verified the effectiveness of oversampling with GANs using CTGANs to increase the data. The validation results showed that it was effective for unverified attack classes, but not for unverified datasets.