Improved Bidirectional GAN-Based Network Intrusion Detection Method Using a One-Class Classifier

Citation: Xu, W.; Jang-Jaccard, J.; Liu, T.; Sabrina, F.; Kwak, J. Improved Bidirectional GAN-Based Approach for Network Intrusion Detection Using One-Class Classifier. Computers 2022, 11, 85. https://doi.org/10.3390/computers11060085
Academic Editors: Phivos Mylonas, Katia Lida Kermanidis and Manolis Maragoudakis
Received: 14 April 2022
Accepted: 24 May 2022
Published: 26 May 2022
Publisher's Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Copyright: © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Article
Improved Bidirectional GAN-Based Approach for Network Intrusion Detection Using One-Class Classifier
Wen Xu 1,*, Julian Jang-Jaccard 1,*, Tong Liu 1, Fariza Sabrina 2 and Jin Kwak 3
1 Cybersecurity Lab, Comp Sci/Info Tech, Massey University, Auckland 0632, New Zealand; t.liu@massey.ac.nz
2 School of Engineering and Technology, Central Queensland University, Sydney, NSW 2000, Australia; f.sabrina@cqu.edu.au
3 Department of Cyber Security, Ajou University, Suwon 16499, Korea; security@ajou.ac.kr
* Correspondence: w.xu2@massey.ac.nz (W.X.); j.jang-jaccard@massey.ac.nz (J.J.-J.)
Abstract: Existing generative adversarial networks (GANs), primarily used for creating fake image samples from natural images, demand a strong dependence (i.e., the training strategy of the generators and the discriminators require to be in sync) for the generators to produce as realistic fake samples that can “fool” the discriminators. We argue that this strong dependency required for GAN training on images does not necessarily work for GAN models for network intrusion detection tasks. This is because the network intrusion inputs have a simpler feature structure such as relatively low-dimension, discrete feature values, and smaller input size compared to the existing GAN-based anomaly detection tasks proposed on images. To address this issue, we propose a new Bidirectional GAN (Bi-GAN) model that is better equipped for network intrusion detection with reduced overheads involved in excessive training. In our proposed method, the training iteration of the generator (and accordingly the encoder) is increased separate from the training of the discriminator until it satisfies the condition associated with the cross-entropy loss. Our empirical results show that this proposed training strategy greatly improves the performance of both the generator and the discriminator even in the presence of imbalanced classes. In addition, our model offers a new construct of a one-class classifier using the trained encoder–discriminator. The one-class classifier detects anomalous network traffic based on binary classification results instead of calculating expensive and complex anomaly scores (or thresholds). Our experimental result illustrates that our proposed method is highly effective to be used in network intrusion detection tasks and outperforms other similar generative methods on two datasets: NSL-KDD and CIC-DDoS2019 datasets.
Keywords: network intrusion detection; generative adversarial networks; one class classifier
1. Introduction
Network intrusion detection is used to discover any unauthorized attempts to a network by analyzing network traffic coming in and out of the network and looking for any signs of malicious activity. This is often regarded as one of the most critical network security mechanisms to block or stop cyberattacks [1].
Traditional machine learning (ML) approaches, such as supervised network intrusion detection, have shown reasonable performance for detecting malicious payloads included in network traffic-based data sets labeled with ground truth [2]. However, with the mass increase in the size of data, it has become either too expensive or no longer possible to label a huge number of data sets (i.e., big data) [3]. Unsupervised intrusion detection methods have been proposed because they no longer require labeled data. In addition, these unsupervised methods can utilize only the samples from one class (e.g., normal samples) for training to recognize any patterns that deviate from the training observations. However, the detection accuracy of these unsupervised learning methods tends to suffer as soon as an imbalanced class appears (e.g., the number of samples in a class is significantly more or less compared to the number of samples in other classes).