APELID: Enhancing real-time intrusion detection with augmented WGAN and parallel ensemble learning

This paper proposes an AI-powered intrusion detection method that improves intrusion detection performance by increasing the quality of the training set and employing numerous potent AI models. Composed of the Augmented Wasserstein Generative Adversarial Networks (AWGAN) and Parallel Ensemble Learning-based Intrusion Detection (PELID) algorithms, it is referred to as APELID. First, to augment the training set quality, AWGAN combines a clustering algorithm to select representative samples from the majority classes and WGAN to generate more realistic samples from the minority classes. Second, PELID employs a weighted ensemble of multiple efficient AI models in parallel to improve the efficacy of AI-powered intrusion detection. In addition, APELID also incorporates a sandbox-based malware analyzer. It aims to enrich the indicators of compromise for preventing malicious files that have been transferred over the network. Rigorous experiments utilizing well-known datasets, such as CSE-CIC-IDS2018 and NSL-KDD, are conducted in order to evaluate APELID. Hence, it achieves an outstanding F1-score of 99.99% and 99.65% and a remarkably low false negative rate of 0.00% and 0.34%, respectively, which is superior to state-of-the-art methods. In addition, the average PELID-based detection time (i.e., 22.29 mu s/flow) for a single network traffic flow is fast enough to detect intrusions in real-time.