A Deep Learning-Based Approach for Mimicking Network Topologies: The Neris Botnet as a Case of Study

The number of connected devices to Internet is growing every year, making almost everything in touch. However, this scenario increase the probability of systems and communications of suffering security attacks since the attack surface increases proportionally. To counteract against security attacks and threats Network Intrusion Detection Systems (NIDSs) are one of the most used security defenses nowadays. They rely on the use of predefined dataset's for their training and evaluation. However, datasets inner characteristics directly affect the robustness, reliability and performance of NIDSs. In this work, we propose the use of a Variational Autoencoder (VAE) to accurately generate network topologies. For that, we consider the IP addresses as a categorical information to generate them. Previous works avoid to use IPs to generate synthetic network samples thus losing relevant contextual information for NIDSs. Results show the feasibility of the proposed system to mimic the Neris Botnet behavior and characterizing its node roles.