TY - GEN
T1 - A Tale of Two Methods
T2 - 9th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2024
AU - Schoen, Adrien
AU - Blanc, Gregory
AU - Gimenez, Pierre François
AU - Han, Yufei
AU - Majorczyk, Frédéric
AU - Me, Ludovic
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - The evaluation of network intrusion detection systems requires a sufficient amount of mixed network traffic, i.e., composed of both malicious and legitimate flows. In particular, obtaining realistic legitimate traffic is hard. Synthetic network traffic is one of the tools to respond to insufficient or incomplete real-world datasets. In this paper, we only focus on synthetically generating high-quality legitimate traffic and we do not delve into malicious traffic generation. For this specific task, recent contributions make use of advanced machine learning-driven approaches, notably through Generative Adversarial Networks (GANs). However, evaluations of GAN-generated data often disregard pivotal attributes, such as protocol adherence. Our study addresses the gap by proposing a comprehensive set of metrics that assess the quality of synthetic legitimate network traffic. To illustrate the value of these metrics, we empirically compare advanced network-oriented GANs with a simple and yet effective probabilistic generative model, Bayesian Networks (BN). According to our proposed evaluation metrics, BN-based network traffic generation outperforms the state-of-the-art GAN-based opponents. In our study, BN yields substantially more realistic and useful synthetic benign traffic and minimizes the computational costs simultaneously.
AB - The evaluation of network intrusion detection systems requires a sufficient amount of mixed network traffic, i.e., composed of both malicious and legitimate flows. In particular, obtaining realistic legitimate traffic is hard. Synthetic network traffic is one of the tools to respond to insufficient or incomplete real-world datasets. In this paper, we only focus on synthetically generating high-quality legitimate traffic and we do not delve into malicious traffic generation. For this specific task, recent contributions make use of advanced machine learning-driven approaches, notably through Generative Adversarial Networks (GANs). However, evaluations of GAN-generated data often disregard pivotal attributes, such as protocol adherence. Our study addresses the gap by proposing a comprehensive set of metrics that assess the quality of synthetic legitimate network traffic. To illustrate the value of these metrics, we empirically compare advanced network-oriented GANs with a simple and yet effective probabilistic generative model, Bayesian Networks (BN). According to our proposed evaluation metrics, BN-based network traffic generation outperforms the state-of-the-art GAN-based opponents. In our study, BN yields substantially more realistic and useful synthetic benign traffic and minimizes the computational costs simultaneously.
KW - Bayesian Networks
KW - Generative Adversarial Networks
KW - Network Traffic Generation
KW - Network flows
KW - Synthetic traffic
U2 - 10.1109/EuroSPW61312.2024.00036
DO - 10.1109/EuroSPW61312.2024.00036
M3 - Conference contribution
AN - SCOPUS:85202998720
T3 - Proceedings - 9th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2024
SP - 273
EP - 286
BT - Proceedings - 9th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 8 July 2024 through 12 July 2024
ER -