AppCon: Mitigating Evasion Attacks to ML Cyber Detectors

Andreolini, Mauro; Marchetti, Mirco; Colacino, Vincenzo Giuseppe; Russo, Giacomo

doi:10.3390/sym12040653

Cited by 17 publications

(11 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Notably, we observe a slight drop in precision on the SYN datasets, and in recall score on the CICIDS2017 dataset. This indicates that a few ambiguous network flows are misclassified, which matches the observations made in [17] after adversarial training and [32] after employing ensemble learning to improve robustness.…”

Section: A Evaluation In Normal Settingssupporting

confidence: 84%

GADoT: GAN-based Adversarial Training for Robust DDoS Attack Detection

Abdelaty

Scott-Hayward²,

Doriguzzi-Corin

et al. 2021

2021 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

Machine Learning (ML) has proven to be effective in many application domains. However, ML methods can be vulnerable to adversarial attacks, in which an attacker tries to fool the classification/prediction mechanism by crafting the input data. In the case of ML-based Network Intrusion Detection Systems (NIDSs), the attacker might use their knowledge of the intrusion detection logic to generate malicious traffic that remains undetected. One way to solve this issue is to adopt adversarial training, in which the training set is augmented with adversarial traffic samples. This paper presents an adversarial training approach called GADoT, which leverages a Generative Adversarial Network (GAN) to generate adversarial DDoS samples for training. We show that a state-of-the-art NIDS with high accuracy on popular datasets can experience more than 60% undetected malicious flows under adversarial attacks. We then demonstrate how this score drops to 1.8% or less after adversarial training using GADoT.

show abstract

Section: A Evaluation In Normal Settingssupporting

confidence: 84%

GADoT: GAN-based Adversarial Training for Robust DDoS Attack Detection

Abdelaty

Scott-Hayward²,

Doriguzzi-Corin

et al. 2021

2021 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

show abstract

“…It is worth mentioning that other works have studied the use of ensemble techniques to improve the detection rate against adversarial attacks, such as [17], [14] and [28], although in these papers the use of ensemble techniques has a different meaning than the one we consider in this paper. For them, the ensemble technique is to train each classifier on a specific attack or application to ensure proper tuning for that task, but this might lead to less generalization in the training process, making it difficult to handle unknown attacks.…”

Section: Anomaly Detectionmentioning

confidence: 99%

“…The overall scheme for them is to assemble multiple classifiers, each specialized in a particular attack or application, whereas for ours, each instance is inspected by all components of the ensemble scheme leading to a deeper inspection of each particular instance. It should also be noted that approaches [17], [14] and [28] seek to make the classifier robust by adding and/or filtering the training data used to train the model. This is not always possible, especially in the case of an already trained and deployed IDS.…”

Section: Anomaly Detectionmentioning

confidence: 99%

TAD: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems

Debicha

Bauwens²,

Debatty³

et al. 2023

Future Generation Computer Systems

View full text Add to dashboard Cite

“…Adversarial attacks will make the system miss or cause a misjudgment. Apruzzese et al [37] address this problem by presenting AppCon, an approach to harden intrusion detectors against adversarial evasion attacks. The proposal leverages the integration of ensemble learning into realistic network environments, improving the detection rate against evasion attacks.…”

Section: Shortcomingsmentioning

confidence: 99%

Network Attack Detection Method of the Cyber-Physical Power System Based on Ensemble Learning

Cao

Wang

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

With the rapid development of power grid informatization, the power system has evolved into a multi-dimensional heterogeneous complex system with high cyber-physical integration, denoting the Cyber-Physical Power System (CPPS). Network attack, in addition to faults, becomes an important factor restricting the stable operation of the power system. Under the influence of network attacks, to improve the operational stability of CPPSs, this paper proposes a CPPS network attack detection method based on ensemble learning. First, to solve the shortcomings of a low detection precision caused by insufficient network attack samples, a power data balancing processing method was proposed. Then, the LightGBM ensemble was constructed to detect network attack events and lock the fault points caused by the attack. At the same time, in the process of gradient boost, the focal loss was introduced to optimize the attention weight of the classifier to the misclassified samples, thus improving the network attack detection precision. Finally, we propose an effective evaluation method of the network attack detection model based on cyber-physical comprehensive consideration. In addition, the cyber-physical power system stability under the action of the network attack detection model is quantitatively analyzed. The experimental results show that the F1 score of network attack detection increases by 16.73%, and the precision increases by 15.67%.

show abstract

AppCon: Mitigating Evasion Attacks to ML Cyber Detectors

Cited by 17 publications

References 57 publications

GADoT: GAN-based Adversarial Training for Robust DDoS Attack Detection

GADoT: GAN-based Adversarial Training for Robust DDoS Attack Detection

TAD: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems

Network Attack Detection Method of the Cyber-Physical Power System Based on Ensemble Learning

Contact Info

Product

Resources

About