RESEARCH PRODUCT

A Generative Adversarial Approach for Packet Manipulation Detection

Åsmund Kamphaug

subject

IKT590; VDP::Technology: 500::Information and communication technology: 550

description

Master's thesis, Information and Communication Technology, IKT590 - University of Agder, 2018

Over the years, machine learning has been used together with intrusion detection systems to protect networks against different threats. The evolution of machine learning has exploded, and new types of machine learning algorithms are being studied in different fields. Network security is not one of the fields with the most research, and with the continuous change in the way attacks appear, machine learning in network security is more alluring than ever. The intention of this thesis is to present a solution that shows that using machine learning in the intrusion detection domain is a way to enhance network security.

Several different generative techniques have emerged from the latest years of deep learning research. One that stands out is the Generative Adversarial Network (GAN), which is largely used in the field of image generation. This technique is based on the idea of two networks competing against each other, each trying to outperform the other.

This thesis follows a quantitative methodology and a combination of experimentation and engineering research. The study focuses on how well the developed solution performs at detecting network attacks and how well it can learn to recreate network packets. The approach implements a modified version of the generative adversarial network by adding an optimisation training step to the regular algorithm.

The results show that with this new type of generative adversarial network the accuracy increases from 2 % to 100 % when detecting DARPA99 labelled attacks. The results also show that the solution experiences mode collapse when creating new network packets, but the model is able to create real network packets that pass Wireshark's syntax check and also look like normal network packets to the human eye.

http://hdl.handle.net/11250/2563322