Automatically synthesizing DoS attack traces using generative adversarial networks

  • Qiao YanEmail author
  • Mingde Wang
  • Wenyao Huang
  • Xupeng Luo
  • F. Richard Yu
Original Article


Artificial intelligence (AI) technology ruling people is still the scene in the science fiction film, but hackers using AI technology against existing security measures is an inescapable trend. Network intrusion detection systems (NIDS) based deep learning such as convolutional neural network (CNN) have reached a very high detection rate. But we propose DoS-WGAN, a common architecture that uses the Wasserstein generative adversarial networks (WGAN) with gradient penalty technology to evade network traffic Classifiers. To camouflage offensive denial of service (DoS) attack traffic as normal network traffic, DoS-WGAN automatically synthesizes attack traces that can defeat a existing NIDS/network security defense for DoS cases. Information entropy is used to measure the dispersing performance of generated DoS attack traffic. The generated DoS attack traffic is so similar to the normal traffic that detection algorithm cannot distinguish between them. When we input the generated DoS attack traffic to a NIDS based on CNN in our experiments, the detection rate drops to \(47.6\%\) from \(97.3\%\). To make the training more stable, we integrate the Standardized Euclidean distance and the information entropy to evaluate the training process. We believe that AI technology will play a particularly important role in the game of network attack and defense.


Network intrusion detection systems Generative adversarial networks Wasserstein-GAN 



We thank the anonymous reviewers of this work for their helpful feedback. This research is supported in part by a grant from the National Natural Science Foundation of China (no. 61672358). This research is also supported in part by a grant from Basic Research Program of Shenzhen, China under its Suppress Distributed Denial of Service Attacks in IoT Program (no. JCYJ20170302154032530). All opinions expressed in this paper are solely those of the authors.


  1. 1.
    Arjovsky M, Bottou L (2017) Towards principled methods for training generative adversarial networks. arXiv preprint arXiv:170104862
  2. 2.
    Arjovsky M, Chintala S, Bottou L (2017) Wasserstein GAN. arXiv preprint arXiv:170107875
  3. 3.
    Bi J, Zhang K, Cheng X (2009) Intrusion detection based on RBF neural network. In: International symposium on information engineering and electronic commerce, IEEC’09. IEEE, New York, pp 357–360Google Scholar
  4. 4.
    Biggio B, Corona I, Maiorca D, Nelson B, Šrndić N, Laskov P, Giacinto G, Roli F (2013) Evasion attacks against machine learning at test time. In: Joint European conference on machine learning and knowledge discovery in databases, vol 8190. Springer, Berlin, pp 387–402CrossRefGoogle Scholar
  5. 5.
    Bode MA, Oluwadare SA, Alese BK, Thompson FB (2015) Risk analysis in cyber situation awareness using Bayesian approach. In: 2015 international conference on cyber situational awareness, data analytics and assessment (CyberSA). IEEE, New York, pp 1–12Google Scholar
  6. 6.
    Brain G (2015) Tensorflow. Open source software library. Accessed 24 Dec 2018
  7. 7.
    Canbay Y, Sagiroglu S (2016) A hybrid method for intrusion detection. In: 2015 IEEE 14th international conference on machine learning and applications (ICMLA). IEEE, New York, pp 156–161Google Scholar
  8. 8.
    Chauhan M, Pratap A, Sonika, Dixit A (2015) Designing a technique for detecting intrusion based on modified adaptive resonance theory network. In: 2015 international conference on green computing and internet of things (ICGCIoT). IEEE, New York, pp 448–451Google Scholar
  9. 9.
    Chordia AS, Gupta S (2016) An effective model for anomaly ids to improve the efficiency. In: 2015 international conference on green computing and internet of things (ICGCIoT). IEEE, New York, pp 190–194Google Scholar
  10. 10.
    Fu Y, Zhu Y, Yu H (2009) Study of neural network technologies in intrusion detection systems. In: 5th international conference on wireless communications, networking and mobile computing, WiCom’09. IEEE, New York, pp 4454–4457Google Scholar
  11. 11.
    Goodfellow IJ, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. In: International conference on neural information processing systems, pp 2672–2680Google Scholar
  12. 12.
    Gulrajani I, Ahmed F, Arjovsky M, Dumoulin V, Courville AC (2017) Improved training of Wasserstein GANs. In: Advances in neural information processing systems, pp 5767–5777Google Scholar
  13. 13.
    Haykin S (1994) Neural networks: a comprehensive foundation. Prentice Hall PTR, LondonGoogle Scholar
  14. 14.
    Hu W, Tan Y (2017) Generating adversarial malware examples for black-box attacks based on GAN. arXiv:1702.05983
  15. 15.
    Jiang J, Zhang C, Kamel M (2003) RBF-based real-time hierarchical intrusion detection systems. In: 2003 proceedings of the international joint conference on neural networks, vol 2(2), pp 1512–1516Google Scholar
  16. 16.
    Khosravi-Farmad M, Ramaki AA, Bafghi AG (2015) Risk-based intrusion response management in IDS using Bayesian decision networks. In: 2015 5th international conference on computer and knowledge engineering (ICCKE). IEEE, New York, pp 307–312Google Scholar
  17. 17.
    Kingma D, Ba J (2014) Adam: a method for stochastic optimization. Comput SciGoogle Scholar
  18. 18.
    Kumar VD, Radhakrishnan S (2014) Intrusion detection in MANET using self organizing map (SOM). In: 2014 international conference on recent trends in information technology (ICRTIT). IEEE, New York, pp 1–8Google Scholar
  19. 19.
    Padmadas M, Krishnan N, Kanchana J, Karthikeyan M (2014) Layered approach for intrusion detection systems based genetic algorithm. In: 2013 IEEE international conference on computational intelligence and computing research (ICCIC). IEEE, New York, pp 1–4Google Scholar
  20. 20.
    Sahu S, Mehtre BM (2015) Network intrusion detection system using j48 decision tree. In: 2015 international conference on advances in computing, communications and informatics (ICACCI). IEEE, New York, pp 2023–2026Google Scholar
  21. 21.
    Salimans T, Goodfellow I, Zaremba W, Cheung V, Radford A, Chen X (2016) Improved techniques for training GANs. In: Advances in neural information processing systems, pp 2234–2242Google Scholar
  22. 22.
    Senthilnayaki B, Venkatalakshmi K, Kannan A (2015) Intrusion detection using optimal genetic feature selection and svm based classifier. In: 2015 3rd international conference on signal processing, communication and networking (ICSCN). IEEE, New York, pp 1–4Google Scholar
  23. 23.
    Stolfo S, Lee W (1999) Kddcup 1999 dataset. The data set used for the third international knowledge discovery and data mining tools competition. Accessed 29 Mar 2018
  24. 24.
    Teng L, Teng S, Tang F, Zhu H, Zhang W, Liu D, Liang L (2015) A collaborative and adaptive intrusion detection based on svms and decision trees. In: 2014 IEEE international conference on data mining workshop (ICDMW). IEEE, New York, pp 898–905Google Scholar
  25. 25.
    Villani C (2009) Optimal transport: old and new. In: Grundlehren der mathematischen Wissenschaften. Springer, BerlinGoogle Scholar
  26. 26.
    Vinayakumar R, Soman K, Poornachandran P (2017) Applying convolutional neural network for network intrusion detection. In: 2017 international conference on advances in computing, communications and informatics (ICACCI). IEEE, New York, pp 1222–1228Google Scholar
  27. 27.
    Wahengbam M, Marchang N (2012) Intrusion detection in MANET using fuzzy logic. In: 2012 3rd national conference on emerging trends and applications in computer science (NCETACS). IEEE, New York, pp 189–192Google Scholar
  28. 28.
    Xu W, Qi Y, Evans D (2016) Automatically evading classifiers: a case study on PDF malware classifiers. In: Proceedings of the 2016 network and distributed systems symposium.
  29. 29.
    Yang Z, Karahoca A, Yang N, Aydin N (2008) Network intrusion detection by using cellular neural network with Tabu search. In: ECSIS symposium on bio-inspired learning and intelligent systems for security, BLISS’08. IEEE, New York, pp 64–68Google Scholar
  30. 30.
    Zhang XY, Zeng HS, Jia L (2010) Research of intrusion detection system dataset-KDD CUP99. Comput Eng Des 31(22):4809–4805Google Scholar
  31. 31.
    Zhu JY, Park T, Isola P, Efros AA (2017) Unpaired image-to-image translation using cycle-consistent adversarial networks. arXiv preprint arXiv:170310593

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.College of Computer Science and Software EngineeringShenzhen UniversityShenzhenChina
  2. 2.College of Systems and Computer EngineeringCarleton UniversityOttawaCanada

Personalised recommendations