GAN
Generative modelling is an unsupervised learning task in machine learning that involves automatically discovering and learning the patterns in input data in such a way that the model can be used to generate new samples that plausibly could have been derived from the original dataset.
Generative models can be used for various applications such as image generation, speech generation, and data augmentation.
Once the model is trained, it can be used to generate new data by leveraging the learned distribution of the original data.
The generated data can be similar to the original, but with some variations or noise.
Examples of generative modelling
- A dataset containing images of cats could be used to build a model that can generate a new image of a cat that has never existed but still looks almost realistic
  - This is possible because the model has learned the general patterns of the appearance of a cat
- ChatGPT: it is trained in a generative manner on a diverse range of text data
  - The model behind ChatGPT is pre-trained on a diverse range of internet text
  - The model has learned to capture patterns and structures in the training data, enabling it to generate human-like text in a wide variety of contexts
Generative Adversarial Networks (GANs)
A Generative Adversarial Network (GAN) is an approach to generative modelling.
A GAN is a machine learning model designed by Ian Goodfellow et al. in 2014 [1] that consists of two neural networks, the generator and the discriminator, which compete with each other using deep learning methods to become more accurate in their prediction.
GANs are a clever way of training a generative model by framing the problem as a supervised learning problem with two sub-models:
- the generator model, which we train to generate new examples (e.g., fake traffic flows)
  - it takes random noise as input and generates data
  - the goal of the generator is to produce realistic data that is indistinguishable from real data in the training set
- the discriminator model, which tries to classify examples as either real (from the domain) or fake (generated)
  - the discriminator is trained to correctly classify the source of the input data
Adversarial training
The generator and discriminator are trained in a competitive fashion:
- The generator aims to produce data that is realistic enough to fool the discriminator
- the discriminator aims to become better at distinguishing between real and generated data
- This adversarial process leads both networks to improve over time
The outcome of training a GAN is a generator that can produce realistic synthetic data from random noise.
- Thus, the generator learns to transform random noise into meaningful output
![[gan.png]]
Training the discriminator
First phase: we train the discriminator using real and fake traffic samples.
The latter are produced by the Generator from random numbers.
- The labels are 0 for fake samples and 1 for real samples
- Trained for one step using, e.g., binary cross-entropy:
$$\mathrm{Loss} = -\frac{1}{s} \sum_{j=1}^{s} \left( y^{[j]} \log \hat{y}^{[j]} + (1 - y^{[j]}) \log\left(1 - \hat{y}^{[j]}\right) \right)$$
where $s$ is the batch size, $y^{[j]}$ is the label of sample $j$ and $\hat{y}^{[j]}$ is the discriminator's output for it
- The weights of the Generator are frozen
![[training_discriminator.png]]
Backpropagation in discriminator training (source: https://developers.google.com/)
Training the generator
![[training_the_generator.png]]
Second phase: we train the generator using only fake traffic samples.
- Since we want the Discriminator to classify the fake samples as real, we label them as real (label 1)
- Backpropagate through both the discriminator and the generator to obtain gradients
- The weights of the Discriminator are frozen now, so the back-propagation affects only the Generator
- The generator loss penalises the generator for failing to fool the discriminator
> [!NOTE]
> The generator never sees real samples. However, it gradually learns to produce convincing fake samples by exploiting the gradients flowing back through the discriminator.
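Plugging the labelling choice of the second phase into the discriminator's cross-entropy gives the generator's loss. This derivation is added here and is not part of the original notes; it assumes the notation $G$ for the generator, $D$ for the discriminator, $z^{[j]}$ for the $j$-th noise input and $\theta_G$ for the generator's weights. With $y^{[j]} = 1$ for every fake sample, the $(1 - y^{[j]})$ term of the loss vanishes and what remains is

$$\mathrm{Loss}_G = -\frac{1}{s} \sum_{j=1}^{s} \log \hat{y}^{[j]}, \qquad \hat{y}^{[j]} = D\!\left(G(z^{[j]})\right)$$

so the loss is large exactly when $D$ assigns a fake sample a low probability of being real. Because the discriminator's weights are frozen, backpropagation updates only $\theta_G$, through the chain rule

$$\frac{\partial\, \mathrm{Loss}_G}{\partial \theta_G} = -\frac{1}{s} \sum_{j=1}^{s} \frac{1}{\hat{y}^{[j]}} \cdot \frac{\partial D(x)}{\partial x}\bigg|_{x = G(z^{[j]})} \cdot \frac{\partial G(z^{[j]})}{\partial \theta_G}$$

which is why the generator can improve without ever seeing a real sample: the only information it receives about the real data is the slope of $D$ at the fakes it produced.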
Training the GAN as a whole
GAN training is executed by alternating discriminator and generator training:
1. The discriminator is trained for one or more epochs
2. Then, the generator is trained for one or more epochs
3. Repeat steps 1 and 2 until the generator generates perfect fake samples and the discriminator's accuracy goes down to 50% (i.e., the discriminator is forced to guess)
Stopping criterion:
- As training progresses, the generator's loss and the discriminator's accuracy on fake samples should ideally decrease, indicating that the generator is learning to produce realistic samples that the discriminator finds difficult to classify
Note 1: nothing guarantees that an equilibrium will be reached. For instance, if GAN training continues after the discriminator starts providing random feedback, the generator may begin learning from flawed feedback and deteriorate in quality
Note 2: GANs are very sensitive to hyper-parameters, and fine-tuning them often requires considerable effort
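The two phases, the alternation between them and the "accuracy drifts towards 50%" stopping signal can all be seen on a toy problem. The following is an added example in pure Python, not code from the original notes: the "real traffic" is a constructed stand-in (one standardised scalar flow feature drawn from N(1.0, 0.5)), the generator is `G(z) = a*z + b` and the discriminator is a logistic regression on `x` and `x^2`, so the gradients of both phases can be written by hand. `train_gan`, `discriminator_step`, `generator_step` and `synthesize` are names chosen for this example; `synthesize` shows how the trained generator would later be sampled for the augmentation use discussed further below.

```python
import math
import random

# Added example (not the notes' own code): a one-dimensional GAN in pure Python.
# The "real traffic" is a constructed stand-in: one standardised scalar flow feature
# drawn from N(1.0, 0.5). G(z) = a*z + b and D(x) = sigmoid(w1*x + w2*x^2 + c) are
# small enough that the gradients are written by hand, keeping both phases explicit.
EPS = 1e-7

def sigmoid(s):
    # Logistic function written so that exp() never overflows.
    if s >= 0:
        return 1.0 / (1.0 + math.exp(-s))
    e = math.exp(s)
    return e / (1.0 + e)

def bce(y_true, y_pred):
    """Binary cross-entropy from the notes, averaged over the batch of size s."""
    total = 0.0
    for y, p in zip(y_true, y_pred):
        p = min(max(p, EPS), 1.0 - EPS)  # keep log() finite
        total += y * math.log(p) + (1.0 - y) * math.log(1.0 - p)
    return -total / len(y_true)

def discriminate(d, x):
    w1, w2, c = d
    return sigmoid(w1 * x + w2 * x * x + c)

def generate(g, z):
    a, b = g
    return a * z + b

def discriminator_loss(d, real, fake):
    # Labels: 1 for real samples, 0 for fake samples.
    ys = [1.0] * len(real) + [0.0] * len(fake)
    return bce(ys, [discriminate(d, x) for x in list(real) + list(fake)])

def generator_loss(g, d, zs):
    # Fake samples are labelled as real (1) because we want D to call them real.
    return bce([1.0] * len(zs), [discriminate(d, generate(g, z)) for z in zs])

def discriminator_step(d, real, fake, lr):
    """Phase 1: G is frozen (its outputs are plain numbers here); one gradient step on BCE."""
    w1, w2, c = d
    g1 = g2 = gc = 0.0
    for x, y in zip(list(real) + list(fake), [1.0] * len(real) + [0.0] * len(fake)):
        err = discriminate(d, x) - y  # d(BCE)/d(logit) for a sigmoid output
        g1 += err * x
        g2 += err * x * x
        gc += err
    n = len(real) + len(fake)
    return (w1 - lr * g1 / n, w2 - lr * g2 / n, c - lr * gc / n)

def generator_step(g, d, zs, lr):
    """Phase 2: D is frozen (read, never updated); the gradient flows through D into G."""
    a, b = g
    w1, w2, _ = d
    ga = gb = 0.0
    for z in zs:
        x = generate(g, z)
        dl_dx = (discriminate(d, x) - 1.0) * (w1 + 2.0 * w2 * x)  # d(-log D(x))/dx
        ga += dl_dx * z  # dx/da = z
        gb += dl_dx      # dx/db = 1
    n = len(zs)
    return (a - lr * ga / n, b - lr * gb / n)

def train_gan(seed=0, rounds=3000, batch=32, lr_d=0.05, lr_g=0.02, real_mean=1.0, real_std=0.5):
    """Alternate phase 1 and phase 2; D's accuracy should drift towards 0.5 as G improves."""
    rng = random.Random(seed)
    d = (0.0, 0.0, 0.0)
    g = (1.0, 0.0)  # starts out emitting N(0, 1), away from the real feature distribution
    acc_hist, mean_hist = [], []
    for _ in range(rounds):
        real = [rng.gauss(real_mean, real_std) for _ in range(batch)]
        fake = [generate(g, rng.gauss(0.0, 1.0)) for _ in range(batch)]
        hits = sum(discriminate(d, x) >= 0.5 for x in real) + sum(discriminate(d, x) < 0.5 for x in fake)
        acc_hist.append(hits / (2 * batch))  # D's accuracy on this batch, before its update
        d = discriminator_step(d, real, fake, lr_d)
        g = generator_step(g, d, [rng.gauss(0.0, 1.0) for _ in range(batch)], lr_g)
        mean_hist.append(g[1])  # the mean of a*z + b for z ~ N(0, 1) is b
    last_acc, last_mean = acc_hist[-200:], mean_hist[-200:]  # averaging smooths the oscillation
    return {
        "generator": g,
        "discriminator": d,
        "gen_mean": sum(last_mean) / len(last_mean),
        "gen_std": abs(g[0]),
        "disc_accuracy": sum(last_acc) / len(last_acc),
    }

def synthesize(g, n, seed=1):
    """Draw n synthetic samples from a trained generator (the augmentation use case)."""
    rng = random.Random(seed)
    return [generate(g, rng.gauss(0.0, 1.0)) for _ in range(n)]

if __name__ == "__main__":
    res = train_gan()
    print("generator mean / std: %.2f / %.2f (real: 1.00 / 0.50)" % (res["gen_mean"], res["gen_std"]))
    print("discriminator accuracy, last 200 rounds: %.2f" % res["disc_accuracy"])
    print("synthetic samples:", [round(x, 2) for x in synthesize(res["generator"], 5)])
```

Running the script shows the generator's mean moving from 0 towards the real mean while the discriminator's accuracy falls from 1.0 towards the guessing level; the averaged statistics over the last 200 rounds are reported because, as Note 1 warns, the two networks keep pushing each other and the raw values oscillate. The learning rates and the 3000-round budget were chosen for this toy and illustrate Note 2: changing them by a factor of a few is enough to make the run diverge or crawl.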
Why GANs in cybersecurity?
- One of the major advances in the use of deep learning methods across many domains is a technique called data augmentation
- Data augmentation results in better-performing models: it both increases model skill and provides a regularising effect that reduces overfitting
- It works by creating new, artificial but plausible examples from the input problem domain on which the model is trained
- Examples:
  - Unbalanced datasets: GAN-based generators can be used to enrich the training set with fake samples of small network attack classes (balancing)
  - Anomaly detection: the generator can be used to enrich the training set with fake samples of benign traffic and make the model less prone to false alarms
Robustness to Adversarial Machine Learning Attacks
Definition: An Adversarial Machine Learning (AML) attack is an intentional attempt to deceive a machine learning model by introducing specifically crafted inputs that cause the model to make incorrect predictions or classifications
- GANs can produce adversarial samples that simulate potential evasion techniques attackers might use to bypass a network intrusion detection system (NIDS)
- These samples can be introduced during the training phase of the NIDS, allowing the system to learn how to identify subtle attack patterns that may otherwise go unnoticed. By including these adversarial examples, the NIDS model becomes better equipped to recognise both known and novel forms of malicious traffic, reducing the chance that future AML attacks will succeed