Polymorphic Adversarial DDoS attack on IDS using GAN

Chauhan, Ravi; Heydari, Shahram Shah

doi:10.1109/isncc49221.2020.9297264

Cited by 34 publications

(22 citation statements)

References 24 publications

(31 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chauhan et al [33] used GANs to demonstrate that deep learning methods were not sufficient in the detection of new attack profiles. They first trained a GAN based on the CICIDS2017 [32] dataset and used the SHapley Additive exPlanations (SHAP) [34] method to extract features from the dataset based on their importance and impact on the output.…”

Section: Related Workmentioning

confidence: 99%

Generative Deep Learning to Detect Cyberattacks for the IoT-23 Dataset

et al. 2022

View full text Add to dashboard Cite

The rapid growth of Internet of Things (IoT) is expected to add billions of IoT devices connected to the Internet. These devices represent a vast attack surface for cyberattacks. For example, these IoT devices can be infected with botnets to enable Distributed Denial of Service (DDoS) attacks. Signaturebased intrusion detection systems are traditional countermeasures for such attacks. However, these methods rely on human experts and are time-consuming in terms of updates and may not exhaust all attack types especially zero-day attacks. Deep learning has shown some promise in intrusion detection. This paper shows that it is possible to use generative deep learning methods like Adversarial Autoencoders (AAE) and Bidirectional Generative Adversarial Networks (BiGAN) to detect intruders based on an analysis of the network data. The recently posted full IoT-23 dataset based on Somfy door lock, Philips Hue and Amazon Echo devices was used to train generative deep learning models to detect a variety of attacks like DDoS, and various botnets like Mirai, Okiruk and Torii. Over 1.8 million network flows were used to train the various models. The resulting generative models outperform traditional machine learning techniques like Random Forests. Both AAE and BiGAN-based models were able to achieve an F1-Score of 0.99. A BiGAN to detect unknown attacks was also trained to detect novel zero-day attacks with an F1-Score from 0.85 to 1.

show abstract

Section: Related Workmentioning

confidence: 99%

Generative Deep Learning to Detect Cyberattacks for the IoT-23 Dataset

et al. 2022

View full text Add to dashboard Cite

show abstract

“…An area under curve (AUC) score of 75% is also reported, proving that the evaluator cannot differentiate between the real data and the generated synthetic data. In [36], it is shown that even after defensive systems are developed which employ incremental learning, they can still be vulnerable to new attacks if the attack profile is changed. Another challenge while detecting DoS and DDoS attacks is to be able to differentiate between the flash crowds and the actual attacks.…”

Section: Detecting Ddos Attacks Using Adversarial Machinementioning

confidence: 99%

“…Although [29,34,36,37] have described and proved that an AI model can be trained to generate new synthetic instances and fool the security systems, they have not provided any concrete solution on how a classifier can be trained to detect such kind of generated synthetic adversarial instances. An attacker can use these generated synthetic instances to generate evasion attacks on the security systems to make the classifier misclassify those samples.…”

Section: Detecting Ddos Attacks Using Adversarial Machinementioning

confidence: 99%

See 1 more Smart Citation

Enhanced Security Against Volumetric DDoS Attacks Using Adversarial Machine Learning

Shroff

Walambe

Singh³

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

With the increasing number of Internet users, cybersecurity is becoming more and more critical. Denial of service (DoS) and distributed denial of service (DDoS) attacks are two of the most common types of attacks that can severely affect a website or a server and make them unavailable to other users. The number of DDoS attacks increased by 55% between the period January 2020 and March 2021. Some approaches for detecting the DoS and DDoS attacks employing different machine learning and deep learning techniques are reported in the literature. Recently, it is also observed that the attackers have started leveraging state-of-the-art AI tools such as generative models for generating synthetic attacks which fool the standard detectors. No concrete approach is reported for developing and training the models which are not only robust in the detection of standard DDoS attacks but which can also detect adversarial attacks which are created synthetically by the attackers with harmful intentions. To that end, in this work, we employ a generative adversarial network (GAN) to develop such a robust detector. The proposed framework can generate and classify the synthetic benign (normal) and malignant (DDoS) instances which are very similar to the corresponding real instances as evaluated by similarity scores. The GAN-based model also demonstrates how effectively the malicious actors can generate adversarial DDoS network traffic instances which look like normal instances using feature modification which are very difficult for the classifier to detect. An approach on how to make the classifiers robust enough to detect such kinds of deliberate adversarial attacks via modifying some specific attack features manually is also proposed. This work provides the first step towards developing a generic and robust detector for DDoS attacks originating from various sources.

show abstract

“…Chauhan and Heydari [32] implemented polymorphic DDoS attacks using GANs in order to assess NIDS's ability at detecting adversarial examples and to enhance the training process for better resilience. The polymorphic DDoS attacks are generated by updating the DDoS attack profile features (i.e., number of features and swapping features), merging them with the previously created adversarial examples, and feeding them to the GAN model.…”

Section: A Generation Of Aes To Attack Ml-based Nids Modelsmentioning

confidence: 99%