Professional Documents
Culture Documents
to become the input vectors of the traffic examples for IDS- Restriction in generating adversarial examples Al-
GAN. though the main purpose of the adversarial attack examples
In 9 discrete features, there are 3 features in nonnumeric generation is to evade IDS, the premise is that this genera-
values and 6 features in binary values which are 0 or 1. To tion should retain the attack function of the traffic.
convert the feature sequences into the numeric vectors as According to the attack principles and purposes, it is evi-
the input, it is necessary to make the numeric conversion dent that each category of attacks has its functional features,
on the nonnumeric features firstly, including protocol type, which represent the basic function of this attack. On the
service and flag. For instance, “protocol type” has 3 types of other word, the attack attribute remains undisturbed if we
attributes: TCP, UDP and ICMP, which will be encoded into only change the nonfunctional features, not the functional
the numeric discrete values as 1, 2 and 3. features. Therefore, in order to avoid invalidating the traf-
Afterwards, to eliminate the dimensional impact between fic, we must keep the functional features of each attack un-
feature values in the input vectors, the standard scalar is uti- changed. For the nonfunctional features of one attack which
lized to normalize the original and converted numeric fea- don’t represent the function relevant to that attack, we can al-
tures into a specific range. For the better training and testing, ter or retain them. These retained features in the generation,
we implement Min-Max normalization method to transform including functional features, are called the unmodified fea-
data into the interval of [0, 1], which is suitable for all the tures in this paper. As shown in (Lee and Stolfo 2000), the
discrete and continuous features. The Min-Max normaliza- functional features of each category of attacks in NSL-KDD
tion is calculated as below: are presented in Table 1.
Table 2: The performance of IDSGAN under DoS, U2R and R2L. The first and second lines in the table are the black-box IDS’s
original detection rates to the original testing set. “×” in “adding unmodified features” means that the lines are the performance
of IDSGAN with only the functional features unmodified. “X” in “adding unmodified features” means that the lines are the
performance of IDSGAN with the added unmodified features.