TY - JOUR
T1 - Deep reinforcement learning based Evasion Generative Adversarial Network for botnet detection
AU - Randhawa, Rizwan Hamid
AU - Aslam, Nauman
AU - Alauthman, Mohammad
AU - Khalid, Muhammad
AU - Rafiq, Husnain
N1 - Funding information: This work was supported under the Research and Development Fund (RDF) of Northumbria University, Newcastle upon Tyne, UK.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - Botnet detectors based on machine learning are potential targets for adversarial evasion attacks. Several research works employ adversarial training with samples generated from generative adversarial nets (GANs) to make the botnet detectors adept at recognising adversarial evasions. However, the synthetic evasions may not follow the original semantics of the input samples. This paper proposes a novel GAN model leveraged with deep reinforcement learning (DRL) to explore semantic aware samples and simultaneously harden its detection. A DRL agent is used to attack the discriminator of the GAN that acts as a botnet detector. The agent trains the discriminator on the crafted perturbations during the GAN training, which helps the GAN generator converge earlier than the case without DRL. We name this model RELEVAGAN, i.e. [“relieve a GAN” or deep REinforcement Learning-based Evasion Generative Adversarial Network] because, with the help of DRL, it minimises the GAN’s job by letting its generator explore the evasion samples within the semantic limits. During the GAN training, the attacks are conducted to adjust the discriminator weights for learning crafted perturbations by the agent. RELEVAGAN does not require adversarial training for the ML classifiers since it can act as an adversarial semantic-aware botnet detection model. The code will be available at https://github.com/rhr407/RELEVAGAN.
KW - Low data regimes
KW - GANs
KW - ACGAN
KW - EVAGAN
KW - Botnet
UR - http://www.scopus.com/inward/record.url?scp=85172025012&partnerID=8YFLogxK
U2 - 10.1016/j.future.2023.09.011
DO - 10.1016/j.future.2023.09.011
M3 - Article
SN - 0167-739X
VL - 150
SP - 294
EP - 302
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -