Intrusion Detection Systems Vulnerability on Adversarial Examples

Authors

  • Ashutosh Dange, Department of Computer Engineering, Zeal College of Engineering & Research, Pune, Maharashtra, India
  • Balaji Chaugule, Department of Computer Engineering, Zeal College of Engineering & Research, Pune, Maharashtra, India
  • Pravin Patil, Department of Computer Engineering, Zeal College of Engineering & Research, Pune, Maharashtra, India

Keywords:

Anomaly detection, Adversarial examples, intrusion detection systems.

Abstract

Intrusion detection systems are an important and dynamic research area in cybersecurity. The role of an intrusion detection system within a security architecture is to improve the security level by identifying all malicious and suspicious events that can be observed in a computer or network system. One of the more specific research areas related to intrusion detection is anomaly detection. Anomaly-based intrusion detection in networks refers to the problem of finding atypical events in the observed network traffic that do not conform to the expected normal patterns. It is assumed that everything atypical or anomalous could be dangerous and related to some security event. To detect anomalies, many security systems implement classification or clustering algorithms. However, recent research has proved that machine learning models might misclassify adversarial events, e.g. observations created by applying intentional, non-random perturbations to the dataset. Such a weakness could increase the false negative rate, which implies undetected attacks. This can lead to one of the most dangerous vulnerabilities of intrusion detection systems. The goal of the research was to verify the ability of anomaly detection systems to resist this type of attack. This paper presents the preliminary results of tests conducted to investigate the existence of an attack vector that can use adversarial examples to conceal a real attack from detection by intrusion detection systems.

Published

2022-03-30

Section

Research Articles

How to Cite

[1]
Ashutosh Dange, Balaji Chaugule, Pravin Patil, "Intrusion Detection Systems Vulnerability on Adversarial Examples", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN: 2456-3307, Volume 8, Issue 2, pp. 373-378, March-April 2022.