MARK: Fill in the blanks through a JointGAN based data augmentation for network anomaly detection

In this paper, we present MARK, a data synthesis method to synthesize patterns for evolving normal network behaviors as well as unknown network attacks for detection of an anomaly in the network. We propose a novel semi-supervised learning approach that takes data (containing normal behaviors and known attacks) and apply clustering to determine the space of unavailable patterns that need to be generated for evolving normal behaviors as well as unknown network attacks. We have extended the JointGAN model with a new min-max game making JointGAN as a distribution aware data synthesis approach. It generates the identified sample space by computing joint distribution over two distinct latent spaces (clusters) produced by semi-supervised learning approach. After that, the generated sample space is used to train the model. MARK uses labeled data as a base for generating unavailable data to improve the model training performance. The key novelty is that our approach detects the emerging network attacks with no labeled data. We evaluate this idea and show our approach can train a model that outperforms existing methods with no labeled data.