Improving Network Intrusion Detection Classiﬁers by Non-payload-Based Exploit-Independent Obfuscations: An Adversarial Approach

Homoliak, Ivan; Teknős, Martin; Ochoa, Martín; Breitenbacher, Dominik; Hosseini, Saeid; Hanáček, Petr

doi:10.4108/eai.10-1-2019.156245

Cited by 22 publications

(54 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A data sample of the dataset D tr refers to the vector of the network connection features, defined in Section II-B. Then, referring to [22] and [23], let X = V × Y be the space of labeled samples, where V represents the space of unlabeled samples and Y represents the space of possible labels. Let D tr = {x 1 , x 2 , .…”

Section: Intrusion Detection Classification Taskmentioning

confidence: 99%

“…For more experiments with this dataset, including trinominal and multi-nominal labels, detection of unknown obfuscations by a custom leave-one-out validation, and individual feature analysis, we refer the reader to [23] and [14].…”

Section: Asnm-npbo Datasetmentioning

confidence: 99%

“…) whose values are sensitive to the obfuscations include: t, size, ip of f , ip sum , tcp sum , tcp seq , tcp ack , tcp of f , tcp f lags , tcp win , tcp urp and data 12. The modifications of P c and P s of the connection c m can cause alteration of values of the original network connection features F m to new ones (see Section II-D).Then we built an obfuscation tool[23] that morphs network characteristics of a TCP connection at network and transport layers of the TCP/IP stack by applying one or a combination of several non-payload-based obfuscation techniques. Execution of direct communications (non-obfuscated…”

mentioning

confidence: 99%

See 2 more Smart Citations

ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors

Homoliak¹,

Malinka²,

Hanáček³

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

In this paper, we present three datasets that have been built from network traffic traces using ASNM (Advanced Security Network Metrics) features, designed in our previous work. The first dataset was built using a state-of-the-art dataset CDX 2009 that was collected during a cyber defense exercise, while the remaining two datasets were collected by us in 2015 and 2018 using publicly available network services containing buffer overflow and other high severity vulnerabilities. These two datasets contain several adversarial obfuscation techniques that were applied onto malicious as well as legitimate traffic samples during "the execution" of their TCP network connections. Adversarial obfuscation techniques were used for evading machine learning-based network intrusion detection classifiers. We show that the performance of such classifiers can be improved when partially augmenting their training data by samples obtained from obfuscation techniques. In detail, we utilized tunneling obfuscation in HTTP(S) protocol and non-payload-based obfuscations modifying various properties of network traffic by, e.g., TCP segmentation, re-transmissions, corrupting and reordering of packets, etc. To the best of our knowledge, this is the first collection of network traffic data that contains adversarial techniques and is intended for non-payload-based network intrusion detection and adversarial classification. Provided datasets enable testing of the evasion resistance of arbitrary machine learning-based classifiers. INDEX TERMS Dataset, network intrusion detection, adversarial classification, evasions, ASNM features, buffer overflow, non-payload-based obfuscations, tunneling obfuscations.

show abstract

Section: Intrusion Detection Classification Taskmentioning

confidence: 99%

Section: Asnm-npbo Datasetmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors

Homoliak¹,

Malinka²,

Hanáček³

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…is the urgency to filter and reduce false alarms [7] developed to make better learning and processing for big data and a variety of attacks for future prediction. We overview deep neural networks in the following section.…”

Section: Thesis Organizationmentioning

confidence: 99%

“…[3] [7] [8] confirm that there are different growing types and methods of attacks that donates a severe challenge on vulnerabilities of DNN architecture design. The fact that the training of DNNs is based on data, classification tasks can be carefully manipulated by crafted perturbations called adversarial samples.…”

mentioning

confidence: 99%

Evaluating Adversarial Learning on Different Types of Deep Learning-based Intrusion Detection Systems using min-max optimization

Khamis¹

View full text Add to dashboard Cite

Explainable Boosting Machines for Network Intrusion Detection with Features Reduction

El-Mihoub

Nolle

Stahl

2022

Artificial Intelligence XXXIX

View full text Add to dashboard Cite

Improving Network Intrusion Detection Classiﬁers by Non-payload-Based Exploit-Independent Obfuscations: An Adversarial Approach

Cited by 22 publications

References 21 publications

ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors

ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors

Evaluating Adversarial Learning on Different Types of Deep Learning-based Intrusion Detection Systems using min-max optimization

Explainable Boosting Machines for Network Intrusion Detection with Features Reduction

Contact Info

Product

Resources

About