Skip to main content
SpringerLink
Log in

Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems

  • Original Paper
  • Published:
Optimization Letters Aims and scope Submit manuscript

Abstract

Deep learning has enabled network intrusion detection rates as high as 99.9% for malicious network packets without requiring feature engineering. Adversarial machine learning methods have been used to evade classifiers in the computer vision domain; however, existing methods do not translate well into the constrained cyber domain as they tend to produce non-functional network packets. This research views the payload of network packets as code with many functional units. A meta-heuristic based generative model is developed to maximize classification loss of packet payloads with respect to a surrogate model by repeatedly substituting units of code with functionally equivalent counterparts. The perturbed packets are then transferred and tested against three test network intrusion detection system classifiers with various evasion rates that depend on the classifier and malicious packet type. If the test classifier is of the same architecture as the surrogate model, near-optimal adversarial examples penetrate the test model for 69% of packets whereas the raw examples succeeds for only 5% of packets. This confirms hypotheses that NIDS classifiers are vulnerable to adversarial attacks, motivating research in robust learning for cyber.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Data Availability

Raw data is available by request from a third party source, Canadian Institute for Cybersecurity, at the following location: https://www.unb.ca/cic/datasets/ids-2017.html

References

  1. Stallings, W., Brown, L., Bauer, M.D., Howard, M.: Computer Security: Principles and Practice. Pearson Education, Upper Saddle River (2012)

    Google Scholar 

  2. Annarelli, A., Nonino, F., Palombi, G.: Understanding the management of cyber resilient systems. Comput. Ind. Eng. 149, 106829 (2020). https://doi.org/10.1016/j.cie.2020.106829

    Article  Google Scholar 

  3. Garnaev, A., Baykal-Gursoy, M., Vincent Poor, H.: How to deal with an intelligent adversary. Comput. Ind. Eng. 90, 352–360 (2015). https://doi.org/10.1016/j.cie.2015.10.001

    Article  Google Scholar 

  4. Alhajjar, E., Maxwell, P., Bastian, N.: Adversarial machine learning in network intrusion detection systems. Expert Syst. Appl. 186, 115782 (2021). https://doi.org/10.1016/j.eswa.2021.115782

    Article  Google Scholar 

  5. Schneider, M., Aspinall, D., Bastian, N.: Evaluating model robustness to adversarial samples in network intrusion detection. In: Proceedings of the 2021 IEEE International Conference on Big Data, IEEE pp. 3343– 3352 ( 2021)

  6. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R.: Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)

  7. Rosenberg, I., Shabtai, A., Elovici, Y., Rokach, L.: Adversarial machine learning attacks and defense methods in the cyber security domain. ACM Comput. Surv. (CSUR) 54(5), 1–36 (2021)

    Article  Google Scholar 

  8. Cerf, V., Kahn, R.: A protocol for packet network intercommunication. IEEE Trans. Commun. 22(5), 637–648 (1974). https://doi.org/10.1109/TCOM.1974.1092259

    Article  MATH  Google Scholar 

  9. Hindy, H., Brosset, D., Bayne, E., Seeam, A.K., Tachtatzis, C., Atkinson, R., Bellekens, X.: A taxonomy of network threats and the effect of current datasets on intrusion detection systems. IEEE Access 8, 104650–104675 (2020). https://doi.org/10.1109/ACCESS.2020.3000179

    Article  Google Scholar 

  10. Apruzzese, G., Andreolini, M., Ferretti, L., Marchetti, M., Colajanni, M.: Modeling realistic adversarial attacks against network intrusion detection systems. Digit. Threats Res. Pract. (DTRAP) 3(3), 1–19 (2022)

    Article  Google Scholar 

  11. De Lucia, M.J., Maxwell, P.E., Bastian, N.D., Swami, A., Jalaian, B., Leslie, N.: Machine learning raw network traffic detection. SPIE (2021). https://doi.org/10.1117/12.2586114

    Article  Google Scholar 

  12. Bierbrauer, D.A., De Lucia, M., Reddy, K., Maxwell, P., Bastian, N.D.: Transfer learning for raw network traffic detection. Expert Syst. Appl. 211(118641), 1 (2022)

    Google Scholar 

  13. Farrukh, Y.A., Khan, I., Wali, S., Bierbrauer, D., Pavlik, J.A., Bastian, N.D.: Payload-Byte: A Tool for Extracting and Labeling Packet Capture Files of Modern Network Intrusion Detection Datasets. In: Proceedings of the 9th IEEE/ACM International Conference on Big Data Computing, Applications and Technologies (BDCAT2022) (2022)

  14. Applegate, S.D.: The dawn of kinetic cyber. In: 2013 5th International Conference on Cyber Conflict (CYCON 2013), IEEE pp. 1– 15 ( 2013)

  15. Anderson, J.P.: Computer security technology planning study-Vol 1. James P. Anderson Co. (1972)

  16. Anderson, J.: Computer security threat monitoring and surveillance. James P. Anderson Co. (1980)

  17. Bejtlich, R.: The Practice of Network Security Monitoring: Understanding Incident Detection and Response. No Starch Press, San Francisco (2013)

    Google Scholar 

  18. Denning, D., Neumann, P.G.: Requirements and Model for IDES-a Real-Time Intrusion-Detection Expert System. SRI International, Menlo Park (1985)

    Google Scholar 

  19. Cheng, T.-H., Lin, Y.-D., Lai, Y.-C., Lin, P.-C.: Evasion techniques: sneaking through your intrusion detection/prevention systems. IEEE Commun. Surv. Tutorials 14(4), 1011–1020 (2011)

    Article  Google Scholar 

  20. Chernikova, A., Oprea, A.: Fence: feasible evasion attacks on neural networks in constrained environments. ACM Trans. Privacy Sec. 25(4), 1–34 (2022)

    Article  Google Scholar 

  21. Kuppa, A., Grzonkowski, S., Asghar, M.R., Le-Khac, N.-A.: Black box attacks on deep anomaly detectors. In: Proceedings of the 14th International Conference on Availability, Reliability and Security. ARES ’19. Association for Computing Machinery, New York, NY, USA ( 2019). https://doi.org/10.1145/3339252.3339266

  22. Biggio, B., Corona, I., Maiorca, D., Nelson, B., Šrndić, N., Laskov, P., Giacinto, G., Roli, F.: Evasion attacks against machine learning at test time. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, Springer, pp. 387– 402 (2013)

  23. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: 3rd International Conference on Learning Representations, ICLR 2015 (2015)

  24. Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 372– 387 ( 2016). https://doi.org/10.1109/EuroSP.2016.36

  25. Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (sp), IEEE, pp. 39– 57 (2017)

  26. Chollet, F.: Deep Learning with Python. Simon and Schuster, New York (2021)

    Google Scholar 

  27. Rezaei, S., Liu, X.: Deep learning for encrypted traffic classification: an overview. IEEE Commun. Mag. 57(5), 76–81 (2019)

    Article  Google Scholar 

  28. Hernández-Pereira, E., Suárez-Romero, J.A., Fontenla-Romero, O., Alonso-Betanzos, A.: Conversion methods for symbolic features: a comparison applied to an intrusion detection problem. Expert Syst. Appl. 36(7), 10612–10617 (2009). https://doi.org/10.1016/j.eswa.2009.02.054

    Article  Google Scholar 

  29. Maxwell, P., Alhajjar, E., Bastian, N.D.: Intelligent feature engineering for cybersecurity. In: 2019 IEEE International Conference on Big Data (Big Data), IEEE, pp. 5005– 5011 (2019)

  30. Chae, H.S., Jo, B.O., Choi, S.H., Park, T.K.: Feature selection for intrusion detection using NSL-KDD. Recent Adv. Comput. Sci. 20132, 184–187 (2013)

    Google Scholar 

  31. Kloft, M., Brefeld, U., Düessel, P., Gehl, C., Laskov, P.: Automatic feature selection for anomaly detection. In: Proceedings of the 1st ACM Workshop on Workshop on AISec, pp. 71– 76 ( 2008)

  32. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the kdd cup 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1– 6 (2009). https://doi.org/10.1109/CISDA.2009.5356528

  33. Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1, 108–116 (2018)

    Google Scholar 

  34. Raggett, D., Le Hors, A., Jacobs, I., et al.: Html 4.01 specification. W3C recommendation 24 (1999)

  35. Arp, D., Quiring, E., Pendlebury, F., Warnecke, A., Pierazzi, F., Wressnegger, C., Cavallaro, L., Rieck, K.: Dos and don’ts of machine learning in computer security. In: Proceedings of 31st USENIX Security Symposium, pp. 3971– 3988 (2022)

  36. Moustafa, N., Slay, J.: Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp. 1– 6 (2015). https://doi.org/10.1109/MilCIS.2015.7348942

Download references

Acknowledgements

Special thanks is given to Dr. Elie Alhajjar and Dr. John Pavlik for discussing experimental results throughout the research. This work was supported in part by the U.S. Army Combat Capabilities Development Command (DEVCOM) Army Research Laboratory under Support Agreement No. USMA21050, the U.S. Army DEVCOM C5ISR Center under Support Agreement No. USMA21056, and the U.S. Air Force Research Laboratory under Support Agreement No. USMA2226. The views expressed in this paper are those of the authors and do not reflect the official policy or position of the Air Force Institute of Technology, U.S. Military Academy, U.S. Air Force, U.S. Army, Department of Defense, or U.S. Government.

Author information

Author notes

  1. Bruce Cox, Jeffery Weir and D. Bastian have authors contributed equally to this work.

Authors and Affiliations

  1. Department of Operational Sciences, Air Force Institute of Technology, 2950 Hobson Way, Wright-Patterson AFB, OH, 45433, USA

    Marc Chalé, Bruce Cox, Jeffery Weir & Nathaniel D. Bastian

  2. Army Cyber Institute, United States Military Academy, New South Post Road, West Point, NY, 10996, USA

    Marc Chalé & Nathaniel D. Bastian

Authors
  1. Marc Chalé
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bruce Cox
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jeffery Weir
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nathaniel D. Bastian
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marc Chalé.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chalé, M., Cox, B., Weir, J. et al. Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems. Optim Lett (2023). https://doi.org/10.1007/s11590-023-02007-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11590-023-02007-7

Keywords

Search

Navigation