Detect &amp; Reject for Transferability of Black-Box Adversarial Attacks Against Network Intrusion Detection Systems

Debicha, Islam; Debatty, Thibault; Dricot, Jean‐Michel; Mees, Wim; Kenaza, Tayeb

doi:10.1007/978-981-16-8059-5_20

Cited by 9 publications

(5 citation statements)

References 12 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This method proposes that instead of trying to classify the adversarial instance correctly despite the attack, the adversarial instance is detected and dealt with accordingly. Most often, this action consists in rejecting the detected sample and not letting it pass through the system [24,25,26] Many detection methods in the area of adversarial learning have been proposed. In [25], the authors used the neural activation pattern to detect adversarial perturbations in the image classification domain.…”

Section: Anomaly Detectionmentioning

confidence: 99%

TAD: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems

Debicha

Bauwens²,

Debatty³

et al. 2023

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

Section: Anomaly Detectionmentioning

confidence: 99%

TAD: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems

Debicha

Bauwens²,

Debatty³

et al. 2023

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

“…This property was first explored by Goodfellow et al [14], who show that adversarial examples that fool one model can fool other models with a high probability without the need to have the same architecture or be trained on the same dataset. An attacker can exploit the transferability property to launch black-box attacks by creating a surrogate model trained on data following the same distribution as the target model [27]. This can be easily done by sniffing network traffic [28], especially in a botnet scenario where the attacker already has a foothold in the corporate network.…”

Section: Related Workmentioning

confidence: 99%

“…Instead of trying to correctly classify the adversarial instance into its original class, this strategy recommends detecting the adversarial instance and treating it accordingly. The most common action is to reject the identified adversarial sample and prevent it from passing through the system [45,46,27]. Our proposed defense falls into the category of anomaly detection.…”

Section: Related Workmentioning

confidence: 99%

“…Goodfellow et al [14] were the first to investigate this property in computer vision, demonstrating that adversarial examples that fool one model can fool other models with a high probability without the need for the models to have the same architecture or be trained on the same dataset. An attacker can use the transferability property to launch black-box attacks by training a surrogate model on the same data distribution as the target model [27]. Sniffing network traffic is a simple way to accomplish this, especially in a botnet scenario where the attacker already has a foothold in the corporate network [28].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems

Debicha

Cochez

Kenaza

et al. 2023

Computers & Security

View full text Add to dashboard Cite

“…In Detect & Reject [61] the authors first studied the impact of the transferability of the adversarial attacks on the classifiers and then the performance of ensemble IDS using SVM, DT, Logistic Regression (LR),, RF, and Linear Discriminant Analysis (LDA) using the majority voting rule. FGSM and PGD are used to construct adversarial attacks from NSLKDD data.…”

Section: A Proactivementioning

confidence: 99%

Defenses for Adversarial attacks in Network Intrusion Detection System – A Survey

Dhinakaran¹,

Anto²

2023

IJCDS

View full text Add to dashboard Cite

In computer security, machine learning has a greater impact in recent years. Ranging from spam filtering, malware analysis, and traffic analysis to network security the usage of machine learning algorithms are manifold. In the area of network security, machine learning techniques are used especially in developing intrusion detection systems. There are basically two kinds of intrusion detection systems -host intrusion detection systems and network intrusion detection systems. Even though machine learning techniques have greatly improved the efficiency of the intrusion detection systems, they are vulnerable to adversarial attacks which are designed and launched by adaptive adversaries who know the working principles of machine learning models. In recent years adversarial machine learning has gained attention in the domain of machine learning in which attackers exploit the inherent fallacies in the assumptions made in the machine learning models. In the domain of network security especially in intrusion detection systems, the significant role of adversarial machine learning has not been addressed in detail. This survey examines different types of defenses deployed to mitigate the impact of adversarial attacks. Their effectiveness in dealing with attacks is analysed and their limitations are discussed.

show abstract

Detect & Reject for Transferability of Black-Box Adversarial Attacks Against Network Intrusion Detection Systems

Cited by 9 publications

References 12 publications

TAD: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems

TAD: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems

Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems

Defenses for Adversarial attacks in Network Intrusion Detection System – A Survey

Contact Info

Product

Resources

About