Open Access

ARTICLE

DEMGAN: A Machine Learning-Based Intrusion Detection System Evasion Scheme

Dawei Xu^1,2,3, Yue Lv¹, Min Wang¹, Baokun Zheng^4,*, Jian Zhao^1,3, Jiaxuan Yu⁵

1 College of Computer Science and Technology, Changchun University, Changchun, 130022, China
2 School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, 100081, China
3 Key Laboratory of Intelligent Rehabilitation and Barrier-free for the Disabled (Changchun University), Ministry of Education, Changchun, 130022, China
4 School of Information Management for Law, China University of Political Science and Law, Beijing, 102249, China
5 College of Artificial Intelligence, Nankai University, Tianjin, 300350, China

* Corresponding Author: Baokun Zheng. Email:

Computers, Materials & Continua 2025, 84(1), 1731-1746. https://doi.org/10.32604/cmc.2025.064833

Received 25 February 2025; Accepted 16 April 2025; Issue published 09 June 2025

Abstract

Network intrusion detection systems (IDS) are a prevalent method for safeguarding network traffic against attacks. However, existing IDS primarily depend on machine learning (ML) models, which are vulnerable to evasion through adversarial examples. In recent years, the Wasserstein Generative Adversarial Network (WGAN), based on Wasserstein distance, has been extensively utilized to generate adversarial examples. Nevertheless, several challenges persist: (1) WGAN experiences the mode collapse problem when generating multi-category network traffic data, leading to subpar quality and insufficient diversity in the generated data; (2) Due to unstable training processes, the authenticity of the data produced by WGAN is often low. This study improves WGAN to address these issues and proposes a new adversarial sample generation algorithm called Distortion Enhanced Multi-Generator Generative Adversarial Network (DEMGAN). DEMGAN effectively evades ML-based IDS by proficiently obfuscating network traffic data samples. We assess the efficacy of our attack method against five ML-based IDS using two public datasets. The results demonstrate that our method can successfully bypass IDS, achieving average evasion rates of 97.42% and 87.51%, respectively. Furthermore, empirical findings indicate that retraining the IDS with the generated adversarial samples significantly bolsters the system’s capability to detect adversarial samples, resulting in an average recognition rate increase of 86.78%. This approach not only enhances the performance of the IDS but also strengthens the network’s resilience against potential threats, thereby optimizing network security measures.

---

Keywords

---