Advancements in Machine Learning (ML) methods have given malicious actors new cyber-offense tools, resulting in high-volume and complex attacks. The first line of defense against these attacks are Network Intrusion Detection System (NIDS) that can learn network activity patterns by monitoring traffic, and raise an alarm when malicious traffic is encountered. These systems typically rely on both static attack signatures and dynamic behavior learning methods using data and time variations. These detection methods can be potentially evaded by attack mutations and complex learning algorithms[bao2017shall]. They can also have high rates of false positives with no measurable effectiveness [ficke2018characterizing, sommeroutside]
. There is a need to continuously test, improve, and evolve NIDS models using real-world network attack mutations that can enhance both accuracy and complexity of attack pattern detection. Deep Learning Neural Networks[goodfellow2016deep] have been previously applied to improve NIDS [yin2017deep] systems. The most recent Gradient Penalty-Wasserstein Generative Adversial Networks (GP-WGAN) [gulrajani2017improved] can address both complexity and high-quality of synthetic network traffic flow generation [ring2019flow].
In this work, in contrast to [ring2019flow], we apply the GP-WGAN algorithm to specifically generate synthetic network attacks, using publicly available datasets. We present the SynGAN framework consisting of three components: the Generator, the Discriminator and the Evaluator, as shown in figure 1. The generated packets are measured against a quality benchmark, defined by the similarity between generated “synthetic” packets and real packets. We compare two real-world network datasets NSL-KDD [tavallaee2009detailed] and CICIDS2017 [sharafaldin2018toward] for synthetic network attack generation. Although NSL-KDD is a well-known network security dataset, it has short-comings in evaluating NIDS [mchugh2000testing]. For our initial framework development and evaluation, however, the NSL-KDD dataset provides a good starting reference point. We evaluate the framework against the Distributed Denial of Service (DDoS) family of attacks that can have complex time variations.
In this section, we describe a brief theoretical formulation of GP-WGAN followed by well known attacks from the DDoS taxonomy. Subsequently, we present the SynGAN framework and the generation of synthetic DDoS network attacks.
2.1 Gradient Penalty Wasserstein GAN (GP-WGAN)
The GAN [goodfellow2014generative] framework describes a competitive game between two neural networks in which the generator network must compete against an adversary according to a game theoretic scenario [goodfellow2016deep]. The generator produces samples from a noise distribution, and its adversary, the discriminator, tries to distinguish real samples from the generated samples. The real samples are inherited from the training data and the generated samples from the generator. The Wasserstein GAN (WGAN) [arjovsky2017wasserstein] facilitates the convergence of GANs’ training using the optimal transport metric. The WGAN is further optimized by using a Gradient Penalty (GP-WGAN) method allowing the generation of adversarial samples of higher quality [gulrajani2017improved]
. With Wasserstein distance and the gradient penalty, the generator and the discriminator are able to improve at the same pace, avoiding mode-collapse a characteristic leading to unoptimized neural network weights which results in poor training. The GP-WGAN objective loss function is expressed such that
where is the set of 1-Lipschitz functions on , the original data distribution, the generative model distribution implicitly defined by . The input
to the generator is sampled from a noise distribution such as a uniform distribution.defines the uniform sampling along straight lines between pairs of points sampled from the data distribution and the generative distribution . A penalty on the gradient norm is enforced for random samples .
2.2 Distributed Denial of Service Attacks
A DDoS attack occurs when multiple machines flood a network host with traffic until the host cannot respond, or crashes, preventing access to users [douligeris2004ddos]. These attacks exploit protocols at the network, transport and/or applications layers. The well known attacks in the DDoS taxonomy include Teardrop, Smurf, UDP Flooding, SYN Flooding, NTP Flooding, DNS Amplification, and application layer HTTP attacks such as GoldenEye and Slowloris [douligeris2004ddos]. In this work, we concentrate on generating synthetic network traffic for Smurf and GoldenEye attacks. In a Smurf attack, an attacker relies on a large collection of Internet Control Message Protocol (ICMP) echo request packets using a victim’s spoofed source IP address that are broadcast in a network. In a GoldenEye attack, an attacker targets web servers by keeping connections open with HTTP requests rendering the server unable to process any other requests. The GoldenEye attack and other similar application layer DDoS are deemed to be particularly intractable because of their inherent distributed nature.
2.3 SynGAN Framework and DDoS
The SynGAN framework generates synthetic network attack packets using real-world attack traffic mutations. It relies on the GP-WGAN formulation to ensure a better convergence of the error minimization function. As illustrated in figure 1, the SynGAN framework has three components: the Generator, the Discriminator and the Evaluator. Initially, during the GAN’s training, a uniform random distribution is used to initialize the artificial samples. Then, the generative network mutates the artificial samples, trying to make the latter similar to real attacks. Subsequently, the synthetic attacks are sent to the discriminator. The discriminator tries to differentiate between real and artificial attacks. It provides feedback to the generative network to recursively improve the quality of the generated adversarial samples. At the end of the GAN’s training, only the generator is used to generate artificial DDoS attacks. Finally, the gradient boosting classifier, the evaluator, attempts to differentiate between between real and generated attack packets using the quality benchmark based on the root mean square error. We chose to use the gradient boosting algorithm as it allows an easy identification of the relevant features used for the traffic classification, as shown in figure 2.
For our first attack generation implementation and analysis, we compare and evaluate the NSL-KDD and CICIDS2017 datasets. The NSL-KDD dataset contains two classes of network attacks, DoS and Probe, and two classes of host-based attacks, Remote-2-Local (R2L) and User-2-Root (U2R). We first start our approach on the DDoS attacks subset including the simple Smurf attack with 41 network flow features[tavallaee2009detailed]. The CICIDS2017 dataset contains various attacks such as infiltration, heart-bleed and GoldenEye with 80 network flow features [sharafaldin2018toward]. We then concentrate our synthetic attack experiments on the more complex GoldenEye attack pattern.
library is used for the neural network implementation. The GP-WGAN has 5 layers with 256, 128, 128, 128 and 78 neurons, and a ReLU activation function for each of the layers. Additionally, we used the RMSProp gradient descent for the neural network training[hinton2012rmsprop] with the parameters . We empirically obtained the lowest error reconstruction with the gradient penalty . The simulations were performed on a computer with 16GB of RAM, Intel i7 CPU and a Tesla K80 GPU accelerator [charlier2019].
Results and Discussions From the Smurf attack analysis of the NSL-KDD dataset, the top-15 aggregate parameters identified by the gradient boost evaluator are shown in figure 2. The highest weighted parameter, Dst_host_count, represents the number of connections having the same destination host IP address [tavallaee2009detailed]. The NSL-KDD dataset, however, contains only 2,000 Smurf attacks resulting in weak statistical relevance, thus rendering our packet generation unreliable. We concentrated, therefore, on the CICIDS2017 dataset that has in excess of 10,000 DDoS attack samples including the GoldenEye attack. The SynGAN framework is able to generate adversarial attacks with a root mean square error of 0.10 implying very close similarity between the artificially generated attacks and original attacks. In figure 3, the graphs describing the packet length mean, the flow bytes per sec., the flow duration and the forward Inter Arrival Time (IAT) distributions between the generated and the original attacks confirm close similarity. The other features share the same distribution pattern. We computed the Area under the Curve (AUC) of the Receiver Operating Characteristic (ROC) curve of the gradient boosting classifier, the evaluator, between the generated and the true attacks. The preliminary AUC score is at 75% in our experiments, highlighting that the evaluator is partly incapable to differentiate between the two types of attacks. These results reaffirm the ability of the SynGAN framework to generate adversarial attacks of high quality.
We introduced the SynGAN framework to generate synthetic network attacks using real attack traffic data. We evaluated the NSL-KDD and CICIDS2017 datasets for a subset of DDoS network attacks. The recent CICIDS2017 dataset has statistically more significant samples for DDoS attacks. The framework was applied to generate GoldenEye attack data showing more than adequate convergence of real and synthetic data. Although the current framework only generates DDoS network attacks using GP-WGANs, it shows promising results. Our future work will explore generating models having more complex state machines [yu2017seqgan] to orchestrate different network attack types. The final goal is to evaluate the effectiveness of commercial NIDS by generating high-quality synthetic attack traffic of different types, and integrate the framework in a network security automation pipeline.