Title
Dual Generative Adversarial Networks Based Unknown Encryption Ransomware Attack Detection
Abstract
To detect unknown or variant ransomware attacks encrypted with the SSL (Secure Sockets Layer)/TLS (Transport Layer Security) protocol, this paper presents a detection framework named TGAN-IDS (Transferred Generating Adversarial Network-Intrusion Detection System) based on dual generative adversarial networks. In this framework, a DCGAN (Deep Convolutional Generative Adversarial Network) is used to train a generator that performs well at generating adversarial samples, and this generator is transferred to the generator of TGAN. A pre-training model named PreD, built on a CNN (Convolutional Neural Network) and performing well at binary classification, is transferred to the discriminator of TGAN. The generator and discriminator of TGAN play against each other during training until the discriminator has a strong ability to detect unknown attacks, and the discriminator is then output as an anomaly detector. To suppress the deterioration of normal-sample detection ability during adversarial training of TGAN, a reconstruction loss function is introduced into the target function of TGAN. Experiments on a mixed dataset constructed from CICIDS2017 and other ransomware datasets show that, compared with other deep learning networks such as AlexNet, ResNet and DenseNet, TGAN-IDS performs well on indicators such as detection accuracy, recall and F1-score. Experiments on the KDD99, SWaT and WADI datasets also show that TGAN-IDS is suitable for detecting other unencrypted unknown network attacks.
Year: 2022
DOI: 10.1109/ACCESS.2021.3128024
Venue: IEEE Access
Keywords: Ransomware, encrypted traffic, anomaly detection, GAN, transfer learning
DocType: Journal
Volume: 10
ISSN: 2169-3536
Citations: 0
PageRank: 0.34
References: 0
Authors: 3

Name | Order | Citations | PageRank
Xueqin Zhang | 1 | 8 | 2.57
Jiyuan Wang | 2 | 0 | 0.34
Shinan Zhu | 3 | 0 | 0.34