Journal article
Class-Specific GAN-Based Minority Data Augmentation for Cyberattack Detection Using the UWF-ZeekData22 Dataset
Technologies (Basel), Vol.14(2), p.117
02/2026
Web of Science ID: WOS:001700970200001
Metrics
1 Record Views
Abstract
Intrusion detection systems (IDS) often struggle to detect rare but high-impact attack behaviors due to severe class imbalance in real-world network traffic. This work proposes a class-specific GAN-based augmentation framework that explicitly targets sparsity in the minority-class in structured cybersecurity datasets. Unlike prior GAN-based approaches that employ global augmentation or anomaly-driven synthesis, separate Generative Adversarial Networks (GANs) are trained independently for each MITRE ATT&CK tactic using only real minority-class samples, enabling focused distribution learning without contamination from benign traffic. Using a relatively new network traffic dataset, UWF-ZeekData22, the proposed framework augments minority classes under conditions of extreme sample sparsity, where traditional classifiers and interpolation-based oversampling methods are ineffective or statistically unreliable. Five traditional classifiers—Logistic Regression, Support Vector Machine (SVM), k-Nearest Neighbors (KNN), Decision Tree, and Random Forest—are evaluated before and after augmentation using stratified 5-fold cross-validation. Experimental results show that class-specific GAN augmentation consistently improves recall and F1-score for rare attack tactics, with the largest gains observed under extreme sparsity where pre-augmentation evaluation was infeasible. Notably, false-negative rates are substantially reduced without degrading majority-class performance, demonstrating that the proposed approach enhances minority-class separability rather than inflating evaluation metrics. These findings demonstrate that class-specific GAN-based augmentation is a practical and robust data-level strategy for improving the detection of rare MITRE ATT&CK-aligned attack behaviors in machine-learning-based IDSs.
Details
- Title
- Class-Specific GAN-Based Minority Data Augmentation for Cyberattack Detection Using the UWF-ZeekData22 Dataset
- Publication Details
- Technologies (Basel), Vol.14(2), p.117
- Resource Type
- Journal article
- Publisher
- MDPI
- Number of pages
- 49
- Grant note
- 2021 NCAE-C-002: Cyber Research Innovation Grant Program: H98230-21-1-0170 the Askew Institute at the University of West Florida
This research was supported by 2021 NCAE-C-002: Cyber Research Innovation Grant Program, Grant Number: H98230-21-1-0170. This research was also partially supported by the Askew Institute at the University of West Florida.
- Copyright
- © the author(s)
- Identifiers
- WOS:001700970200001; 99381682204106600
- Academic Unit
- Cybersecurity and Information Technology; Mathematics and Statistics; Computer Science; Hal Marcus College of Science and Engineering
- Language
- English