Anomalous Detection System with Improved Deep Learning Training Method for Software Defined Networks
The field of software defined networks (SDN) is paving the way for some of the most interesting and game-changing ways we look at cybersecurity as it relates to Industry 4.0. Since an industrial IoT (IIoT) system is a cyber-physical system that combines field-deployed devices with back-end cloud infrastructure, it presents a particularly large surface area for a cyber-attack. Recent advances now make it possible to use deep learning neural networks for both the controllability of a network and anomaly detection, as well as for real-time intrusion detection. The proposed architecture addresses some of the issues of distributed networks and improves on the training aspect of similar SDN deep learning models. The first method presents an algorithm that stretches a distributed IDS from the edge layer to the device layer. As a result, the device layer uses an IDS or ADS to determine irregular resource patterns for substantial malware detection or anomalous behavior analysis. The second method proposes using a Deep Convolutional Generative Adversarial Network (DCGAN) to improve the training and testing of a Convolutional Neural Network (CNN) by generating normal samples to balance the UNSW-NB15 network traffic dataset. The proposed scheme increases the precision of both the binary and the categorical classifications. The DCGAN solution increases the accuracy of the normal data by 4% and the overall recall by an additional 7%.