Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

GMA-SAWGAN-GP: A Novel Data Generative Framework to Enhance IDS Detection Performance

Ziyu Mu, Xiyu Shi, Safak Dogan

Abstract

Intrusion Detection System (IDS) is often calibrated to known attacks and generalizes poorly to unknown threats. This paper proposes GMA-SAWGAN-GP, a novel generative augmentation framework built on a Self-Attention-enhanced Wasserstein GAN with Gradient Penalty (WGAN-GP). The generator employs Gumbel-Softmax regularization to model discrete fields, while a Multilayer Perceptron (MLP)-based AutoEncoder acts as a manifold regularizer. A lightweight gating network adaptively balances adversarial and reconstruction losses via entropy regularization, improving stability and mitigating mode collapse. The self-attention mechanism enables the generator to capture both short- and long-range dependencies among features within each record while preserving categorical semantics through Gumbel-Softmax heads. Extensive experiments on NSL-KDD, UNSW-NB15, and CICIDS2017 using five representative IDS models demonstrate that GMA-SAWGAN-GP significantly improves detection performance on known attacks and enhances generalization to unknown attacks. Leave-One-Attack-type-Out (LOAO) evaluations using Area Under the Receiver Operating Characteristic (AUROC) and True Positive Rate at a 5 percent False Positive Rate confirm that IDS models trained on augmented datasets achieve higher robustness under unseen attack scenarios. Ablation studies validate the contribution of each component to performance gains. Compared with baseline models, the proposed framework improves binary classification accuracy by an average of 5.3 percent and multi-classification accuracy by 2.2 percent, while AUROC and True Positive Rate at a 5 percent False Positive Rate for unknown attacks increase by 3.9 percent and 4.8 percent, respectively, across the three datasets. Overall, GMA-SAWGAN-GP provides an effective approach to generative augmentation for mixed-type network traffic, improving IDS accuracy and resilience.

GMA-SAWGAN-GP: A Novel Data Generative Framework to Enhance IDS Detection Performance

Abstract

Intrusion Detection System (IDS) is often calibrated to known attacks and generalizes poorly to unknown threats. This paper proposes GMA-SAWGAN-GP, a novel generative augmentation framework built on a Self-Attention-enhanced Wasserstein GAN with Gradient Penalty (WGAN-GP). The generator employs Gumbel-Softmax regularization to model discrete fields, while a Multilayer Perceptron (MLP)-based AutoEncoder acts as a manifold regularizer. A lightweight gating network adaptively balances adversarial and reconstruction losses via entropy regularization, improving stability and mitigating mode collapse. The self-attention mechanism enables the generator to capture both short- and long-range dependencies among features within each record while preserving categorical semantics through Gumbel-Softmax heads. Extensive experiments on NSL-KDD, UNSW-NB15, and CICIDS2017 using five representative IDS models demonstrate that GMA-SAWGAN-GP significantly improves detection performance on known attacks and enhances generalization to unknown attacks. Leave-One-Attack-type-Out (LOAO) evaluations using Area Under the Receiver Operating Characteristic (AUROC) and True Positive Rate at a 5 percent False Positive Rate confirm that IDS models trained on augmented datasets achieve higher robustness under unseen attack scenarios. Ablation studies validate the contribution of each component to performance gains. Compared with baseline models, the proposed framework improves binary classification accuracy by an average of 5.3 percent and multi-classification accuracy by 2.2 percent, while AUROC and True Positive Rate at a 5 percent False Positive Rate for unknown attacks increase by 3.9 percent and 4.8 percent, respectively, across the three datasets. Overall, GMA-SAWGAN-GP provides an effective approach to generative augmentation for mixed-type network traffic, improving IDS accuracy and resilience.

Paper Structure

This paper contains 21 sections, 21 equations, 2 figures, 8 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Proposed Methodology
  4. WGAN-GP with Feature-wise SA mechanism
  5. Basics of WGAN-GP
  6. Adversarial Loss Function
  7. Feature-wise Self-Attention Mechanism
  8. Discrete-aware and Continuous heads
  9. The AE Model and Self-Adaptive Loss
  10. Experimental Setup
  11. Datasets for the Proposed Model
  12. IDS Models Used in Experiments
  13. Results And Discussion
  14. Evaluation Metrics
  15. Binary Classification
  16. ...and 6 more sections

Figures (2)

  • Figure 1: The architecture of GMA-SAWGAN-GP: Upper part shows the workflow of the proposed method, while the lower part illustrates the structures of the Generator, Critic, and AutoEncoder blocks. $\alpha,\beta$ are adaptive mixing weights output by the gating network $f_{\omega}$ to balance $L_{g}^{AE}$ and $L_d$.
  • Figure 2: PCA projections of real and synthetic traffic across three datasets. Rows label (a)–(c) correspond to CICIDS2017, UNSW-NB15, and NSL-KDD, respectively. Columns show the original training data and synthetic samples generated by different GAN-based models. In each plot, the horizontal and vertical axes correspond to the first and second principal components of PCA. Colors indicate a standardized scalar, with scales shown on the right side.