Exploring GANs to generate attack-variations in IoT networks

Abstract: Data driven IDS development requires a vast amount of data to be effective against future attacks and a big problem is the lack of available data. This thesis explores the use of GANs (Generative adversarial networks) in generating attack data that can be used as apart of a training set for an IDS to improve the robustness against adversarial attacks. GAN has been used extensively in the field of image generation therefore this thesis uses image data instead of network data to easily test our methods. The image data set used was the MNISTdataset of handwritten digits where one digit class was chosen as theattack data class. The attack data class was reduced in quantity from the training set in order to replicate real world availability of attackdata, different quantities were used to see how well the GAN training setup would perform with class imbalances in the training set and the generated data tested against classifiers acting as IDSs. The classifiers were added to the GAN training loop in order to bias the generator into causing misclassifications and thereby generating adversarial samples. The experiments show that in some cases the majority of thegenerated attack samples managed to fool the IDS while using a small amount of attack data in the training set. Adding the classifier to the training loop managed to further fool the IDS where in some instances only 2% of the generated attack data were detected. The results show that it is possible to generate data that manages to fool the IDS into being classified as something else but that there is more work to be done, getting consistent results was difficult and improving the GAN training setup by using a more advanced GAN model might solve these issues.