Abstract
Deep learning has enabled network intrusion detection rates as high as 99.9% for malicious network packets without requiring feature engineering. Adversarial machine learning methods have been used to evade classifiers in the computer vision domain; however, existing methods do not translate well into the constrained cyber domain as they tend to produce non-functional network packets. This research views the payload of network packets as code with many functional units. A meta-heuristic-based generative model is developed to maximize classification loss of packet payloads with respect to a surrogate model by repeatedly substituting units of code with functionally equivalent counterparts. The perturbed packets are then transferred and tested against three test network intrusion detection system (NIDS) classifiers, with evasion rates that vary with the classifier and malicious packet type. If the test classifier is of the same architecture as the surrogate model, near-optimal adversarial examples penetrate the test model for 69% of packets, whereas the raw examples succeed for only 5% of packets. This confirms hypotheses that NIDS classifiers are vulnerable to adversarial attacks, motivating research in robust learning for cyber.
Data Availability
Raw data is available by request from a third-party source, the Canadian Institute for Cybersecurity, at the following location: https://www.unb.ca/cic/datasets/ids-2017.html
Acknowledgements
Special thanks are given to Dr. Elie Alhajjar and Dr. John Pavlik for discussing experimental results throughout the research. This work was supported in part by the U.S. Army Combat Capabilities Development Command (DEVCOM) Army Research Laboratory under Support Agreement No. USMA21050, the U.S. Army DEVCOM C5ISR Center under Support Agreement No. USMA21056, and the U.S. Air Force Research Laboratory under Support Agreement No. USMA2226. The views expressed in this paper are those of the authors and do not reflect the official policy or position of the Air Force Institute of Technology, U.S. Military Academy, U.S. Air Force, U.S. Army, Department of Defense, or U.S. Government.
About this article
Cite this article
Chalé, M., Cox, B., Weir, J. et al. Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems. Optim Lett (2023). https://doi.org/10.1007/s11590-023-02007-7
DOI: https://doi.org/10.1007/s11590-023-02007-7