Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

Andreolini, Mauro; Ferretti, Luca; Marchetti, Mirco; Colajanni, Michele

doi:10.1145/3469659

Cited by 71 publications

(44 citation statements)

References 83 publications

(119 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although mixing data from different networks can result in more resilient ML-NIDS (cf. §II-B), relying on public datasets exposes to 'poisoning' attacks [51]. In these circumstances, training a ML-NIDS on such data would have the opposite effect of adversarial training.…”

Section: C7mentioning

confidence: 99%

The Cross-Evaluation of Machine Learning-Based Network Intrusion Detection Systems

Pajola

Conti

2022

IEEE Trans. Netw. Serv. Manage.

Self Cite

View full text Add to dashboard Cite

Enhancing Network Intrusion Detection Systems (NIDS) with supervised Machine Learning (ML) is tough. ML-NIDS must be trained and evaluated, operations requiring data where benign and malicious samples are clearly labelled. Such labels demand costly expert knowledge, resulting in a lack of real deployments, as well as on papers always relying on the same outdated data. The situation improved recently, as some efforts disclosed their labelled datasets. However, most past works used such datasets just as a 'yet another' testbed, overlooking the added potential provided by such availability.In contrast, we promote using such existing labelled data to cross-evaluate ML-NIDS. Such approach received only limited attention and, due to its complexity, requires a dedicated treatment. We hence propose the first cross-evaluation model. Our model highlights the broader range of realistic use-cases that can be assessed via cross-evaluations, allowing the discovery of still unknown qualities of state-of-the-art ML-NIDS. For instance, their detection surface can be extended-at no additional labelling cost. However, conducting such cross-evaluations is challenging. Hence, we propose the first framework, XeNIDS, for reliable cross-evaluations based on Network Flows. By using XeNIDS on six well-known datasets, we demonstrate the concealed potential, but also the risks, of cross-evaluations of ML-NIDS.

show abstract

Section: C7mentioning

confidence: 99%

The Cross-Evaluation of Machine Learning-Based Network Intrusion Detection Systems

Pajola

Conti

2022

IEEE Trans. Netw. Serv. Manage.

Self Cite

View full text Add to dashboard Cite

show abstract

“…This is a pertinent aspect of the cybersecurity domain, where white-box is a highly unlikely setting. Considering that a NIDS is developed in a secure context, an attacker will commonly face a blackbox setting, or occasionally gray-box [8], [9].…”

Section: Related Workmentioning

confidence: 99%

“…In a real computer network, an example must fulfil the domain constraints of the utilized communication protocols and the class-specific constraints of each type of cyberattack. Apruzzese et al [8] proposed a taxonomy to evaluate the feasibility of an adversarial attack against a NIDS, based on access to the training data, knowledge of the model and feature set, reverse engineering and manipulation capabilities. It can provide valuable guidance to establish the concrete constraints of each level for a specific system.…”

Section: Related Workmentioning

confidence: 99%

Adaptative Perturbation Patterns: Realistic Adversarial Learning for Robust Intrusion Detection

2022

View full text Add to dashboard Cite

Adversarial attacks pose a major threat to machine learning and to the systems that rely on it. In the cybersecurity domain, adversarial cyber-attack examples capable of evading detection are especially concerning. Nonetheless, an example generated for a domain with tabular data must be realistic within that domain. This work establishes the fundamental constraint levels required to achieve realism and introduces the adaptative perturbation pattern method (A2PM) to fulfill these constraints in a gray-box setting. A2PM relies on pattern sequences that are independently adapted to the characteristics of each class to create valid and coherent data perturbations. The proposed method was evaluated in a cybersecurity case study with two scenarios: Enterprise and Internet of Things (IoT) networks. Multilayer perceptron (MLP) and random forest (RF) classifiers were created with regular and adversarial training, using the CIC-IDS2017 and IoT-23 datasets. In each scenario, targeted and untargeted attacks were performed against the classifiers, and the generated examples were compared with the original network traffic flows to assess their realism. The obtained results demonstrate that A2PM provides a scalable generation of realistic adversarial examples, which can be advantageous for both adversarial training and attacks.

show abstract

“…Their focus is on the visual domain and they do not specifically discuss IDS or functionalitypreserving adversarial attacks. Apruzzese et al [27] examine adversarial examples and consider realistic attacks, highlighting that most literature considers adversaries with complete knowledge about the classifier and are free to interact with the target systems. They Further emphasize that few works consider 'relizable' perturbations that take account of domain and/or realworld constraints.…”

mentioning

confidence: 99%

Functionality-preserving Adversarial Machine Learning For Robust Classification In Cybersecurity And Intrusion Detection Domains: A Survey

McCarthy¹,

Ghadafi²,

Andriotis³

et al. 2022

Preprint

View full text Add to dashboard Cite

Machine learning has become widely adopted as a strategy for dealing with a variety of cybersecurity issues, ranging from insider threat detection to intrusion and malware detection. However, by their very nature, machine learning systems can introduce vulnerabilities to a security defence whereby a learnt model is unaware of so-called adversarial examples that may intentionally result in mis-classification and therefore bypass a system. Adversarial machine learning has been a research topic for over a decade and is now an accepted but open problem. Much of the early research on adversarial examples has addressed issues related to computer vision, yet as machine learning continues to be adopted in other domains, then likewise it is important to assess the potential vulnerabilities that may occur. A key part of transferring to new domains relates to functionality-preservation, such that any crafted attack can still execute the original intended functionality when inspected by a human and/or a machine. In this literature survey, our main objective is to address the domain of adversarial machine learning attacks and examine the robustness of machine learning models in the cybersecurity and intrusion detection domains. We identify the key trends in current work observed in the literature, and explore how these relate to the research challenges that remain open for future works. Inclusion criteria were: articles related to functionality-preservation in adversarial machine learning for cybersecurity or intrusion detection with insight into robust classification. Generally, we excluded works that are not yet peer-reviewed; however, the authors include some significant papers that make a clear contribution to the domain. There is a risk of subjective bias in the selection of non-peer reviewed articles; however, this is mitigated by co-author review. We selected the following databases with a sizeable computer science element to search and retrieve literature: IEEE Xplore, ACM Digital Library, ScienceDirect, Scopus, SpringerLink,Google Scholar. The literature search was conducted upto January 2022. We have striven to ensure a comprehensive coverage of the domain to the best of our knowledge. We have performed systematic searches of the literature, noting our search terms and results, and following up on all materials that appear relevant and fit within the topic domains of this review. This research was funded by the Partnership PhD scheme at the University of the West of England in collaboration with Techmodal Ltd.

show abstract

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

Cited by 71 publications

References 83 publications

The Cross-Evaluation of Machine Learning-Based Network Intrusion Detection Systems

The Cross-Evaluation of Machine Learning-Based Network Intrusion Detection Systems

Adaptative Perturbation Patterns: Realistic Adversarial Learning for Robust Intrusion Detection

Functionality-preserving Adversarial Machine Learning For Robust Classification In Cybersecurity And Intrusion Detection Domains: A Survey

Contact Info

Product

Resources

About