ARGAN-IDS: Adversarial Resistant Intrusion Detection Systems using Generative Adversarial Networks

Neural Networks (NNs) are not secure enough to be deployed on security-critical tasks such as Network Intrusion Detection Systems (NIDS). NNs are vulnerable to Adversarial Attacks (AAs), which affect their accuracy in identifying malicious activity, by introducing perturbations on network traffic. This work proposes "Adversarial Resistant Intrusion Detection Systems using GANs" (ARGAN-IDS) a method to address these vulnerabilities. ARGAN-IDS is implemented as a Generative Adversarial Network (GAN) trained on network traffic to protect NIDS. ARGAN-IDS, greatly mitigates the impact of AAs, achieving comparable results to a non-perturbed execution. We show GANs have limitations in differentiating between malicious traffic and traffic altered by AAs. And we address this in ARGAN-IDS by training the GAN on network traffic containing malicious packets. This enhancement significantly improved the GAN's performance, enabling it to identify even highly perturbed adversarial attacks effectively. ARGAN-IDS acts as a neutralizer of perturbations introduced by AAs and mitigates the NIDS vulnerabilities. We have integrated ARGAN-IDS with a state-of-the-art anomaly-based detector, Kitsune. We achieve a reduction of 99.27% of false positives and an improvement of 99.29% of the true negatives, leading to an improvement of roughly 36.75% in overall system accuracy while under AAs.