Adversarial AutoEncoder and Generative Adversarial Networks for Semi-Supervised Learning Intrusion Detection System

As one of the defensive solutions against cyberattacks, Intrusion Detection System (IDS) plays an important role in observing the network state, alerting suspicious actions that can break down the system. There are many attempts of adopting Machine Learning (ML) in IDS to achieve the high performance in intrusion detection. However, all of them necessitate a large amount of labeled data. Also, labeling attack data is a time-consuming and expensive human-labor operation, making existing ML methods difficult to deploy in a new system or yielding lower results due to a lack of labels on pre-trained data. To address these issues, we propose a semi-supervised IDS model that leveraging Generative Adversarial Networks (GANs) and Adversarial AutoEncoder (AAE), called a semi-supervised adversarial autoencoder (SAAE). Our SAAE experimental results on two public datasets for benchmarking ML-based IDS, including NF-CSE-CIC-IDS2018 and NF-UNSW-NB15, demonstrate the effectiveness of AAE and GAN in case of using only a small number of labeled data. In particular, our approach outperforms other ML methods with the highest detection rates in spite of the scarcity of labeled data for model training, even with only 1% labeled data.