Skip to main content
SpringerLink
Log in

Generating practical adversarial examples against learning-based network intrusion detection systems

  • Published:
Annals of Telecommunications Aims and scope Submit manuscript

Abstract

There has been a significant development in the design of intrusion detection systems (IDS) by using deep learning (DL)/machine learning (ML) methods for detecting threats in a computer network. Unfortunately, these DL/ML-based IDS are vulnerable to adversarial examples, wherein a malicious data sample can be slightly perturbed to cause a misclassification by an IDS while retaining its malicious properties. Unlike image recognition domain, the network domain has certain constraints known as domain constraints which are multifarious interrelationships and dependencies between features. To be considered as practical and realizable, an adversary must ensure that the adversarial examples comply with domain constraints. Recently, generative models like GANs and VAEs have been extensively used for generating adversarial examples against IDS. However, majority of these techniques generate adversarial examples which do not satisfy all domain constraints. Also, current generative methods lack explicit restrictions on the amount of perturbation which a malicious data sample undergoes during the crafting of adversarial examples, leading to the potential generation of invalid data samples. To address these limitations, a solution is presented in this work which utilize a variational autoencoder to generate adversarial examples that not only result in misclassification by an IDS, but also satisfy domain constraints. Instead of perturbing the data samples itself, the adversarial examples are crafted by perturbing the latent space representation of the data sample. It allows the generation of adversarial examples under limited perturbation. This research has explored the novel applications of generative networks for generating constraint satisfying adversarial examples. The experimental results support the claims with an attack success rate of 64.8\(\%\) against ML/DL-based IDS. The trained model can be integrated further into an operational IDS to strengthen its robustness against adversarial examples; however, this is out of scope of this work.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Algorithm 1
Algorithm 2
Fig. 3
Fig. 4
Algorithm 3
Fig. 5
Fig. 6

Similar content being viewed by others

Data Availability

The data is available on kaggle in https://www.kaggle.com/code/vivek9837/domain-constraint

Code Availability

The code along with the dataset is available on kaggle in https://www.kaggle.com/code/vivek9837/domain-constraint

References

  1. Javaid A, Niyaz Q, Sun W, Alam M (2016) A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS), pp 21–26

  2. Kumar V, Sangwan OP (2012) Signature based intrusion detection system using snort. Int J Comput Appl Inf Technol 1(3):35–41

    Google Scholar 

  3. Maseer ZK, Yusof R, Bahaman N, Mostafa SA, Foozy CFM (2021) Benchmarking of machine learning for anomaly based intrusion detection systems in the cicids2017 dataset. IEEE Access 9:22351–22370

    Article  Google Scholar 

  4. Parrend P, Navarro J, Guigou F, Deruyver A, Collet P (2018) Foundations and applications of artificial intelligence for zero-day and multi-step attack detection. EURASIP J Inf Secur 2018(1):1–21

  5. Chiba Z, Abghour N, Moussaid K, Rida M et al (2019) Intelligent approach to build a deep neural network based ids for cloud environment using combination of machine learning algorithms. Comput Secur 86:291–317

  6. Sumaiya Thaseen I, Saira Banu J, Lavanya K, Rukunuddin Ghalib M, Abhishek K (2021) An integrated intrusion detection system using correlation-based attribute selection and artificial neural network. Trans Emerg Telecommun Technol 32(2):4014

    Article  Google Scholar 

  7. Wisanwanichthan T, Thammawichai M (2021) A double-layered hybrid approach for network intrusion detection system using combined naive bayes and SVM. IEEE Access 9:138432–138450

    Article  Google Scholar 

  8. Panigrahi R, Borah S, Bhoi AK, Ijaz MF, Pramanik M, Kumar Y, Jhaveri RH (2021) A consolidated decision tree-based intrusion detection system for binary and multiclass imbalanced datasets. Mathematics 9(7):751

    Article  Google Scholar 

  9. Benaddi H, Ibrahimi K, Benslimane A (2018) Improving the intrusion detection system for NSL-KDD dataset based on PCA-fuzzy clustering-KNN. In: 2018 6th International Conference on Wireless Networks and Mobile Communications (WINCOM), pp 1–6. IEEE

  10. Seo E, Song HM, Kim HK (2018) GIDS: GAN based intrusion detection system for in-vehicle network. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp 1–6. IEEE

  11. Tramer F, Carlini N, Brendel W, Madry A (2020) On adaptive attacks to adversarial example defenses. Adv Neural Inf Process Syst 33:1633–1645

    Google Scholar 

  12. Xu Y, Du B, Zhang L (2020) Assessing the threat of adversarial examples on deep neural networks for remote sensing scene classification: attacks and defenses. IEEE Trans Geosci Remote Sens 59(2):1604–1617

    Article  Google Scholar 

  13. Wiyatno RR, Xu A, Dia O, de Berker A (2019) Adversarial examples in modern machine learning: a review. arXiv:1911.05268

  14. Alatwi HA, Morisset C (2021) Adversarial machine learning in network intrusion detection domain: a systematic review. arXiv:2112.03315

  15. Sheatsley R, Hoak B, Pauley E, Beugin Y, Weisman MJ, McDaniel P (2021) On the robustness of domain constraints. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp 495–515

  16. Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2013) Intriguing properties of neural networks. arXiv:1312.6199

  17. Papernot N, McDaniel P, Jha S, Fredrikson M, Celik ZB, Swami A (2016) The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroS &P), pp 372–387. IEEE

  18. Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 Ieee Symposium on Security and Privacy (sp), pp 39–57. IEEE

  19. Moosavi-Dezfooli S-M, Fawzi A, Frossard P (2016) Deepfool: a simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp 2574–2582

  20. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. arXiv:1706.06083 (2017)

  21. Kurakin A, Goodfellow IJ, Bengio S (2018) Adversarial examples in the physical world. In: Artificial Intelligence Safety and Security, pp 99–112. Chapman and Hall/CRC, ???

  22. Moosavi-Dezfooli S-M, Fawzi A, Fawzi O, Frossard P (2017) Universal adversarial perturbations. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp 1765–1773

  23. Chen J, Wu D, Zhao Y, Sharma N, Blumenstein M, Yu S (2021) Fooling intrusion detection systems using adversarially autoencoder. Digit Commun Netw 7(3):453–460

  24. Usama M, Asim M, Latif S, Qadir J et al (2019) Generative adversarial networks for launching and thwarting adversarial attacks on network intrusion detection systems. In: 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), pp 78–83. IEEE

  25. Zhong Y, Zhu Y, Wang Z, Yin X, Shi X, Li K (2020) An adversarial learning model for intrusion detection in real complex network environments. In: International Conference on Wireless Algorithms, Systems, and Applications, pp 794–806. Springer

  26. Shieh C-S, Nguyen T-T, Lin W-W, Huang Y-L, Horng M-F, Lee T-F, Miu D (2022) Detection of adversarial DDoS attacks using generative adversarial networks with dual discriminators. Symmetry 14(1):66

    Article  Google Scholar 

  27. Cheng Q, Zhou S, Shen Y, Kong D, Wu C (2021) Packet-level adversarial network traffic crafting using sequence generative adversarial networks. arXiv:2103.04794

  28. Lin Z, Shi Y, Xue Z (2022) Idsgan: generative adversarial networks for attack generation against intrusion detection. In: Pacific-Asia Conference on Knowledge Discovery and Data Mining, pp 79–91. Springer

  29. Li P, Zhao W, Liu Q, Liu X, Yu L (2018) Poisoning machine learning based wireless IDSs via stealing learning model. In: International Conference on Wireless Algorithms, Systems, and Applications, pp 261–273. Springer

  30. Aiken J, Scott-Hayward S (2019) Investigating adversarial attacks against network intrusion detection systems in sdns. In: 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp 1–7. IEEE

  31. Usama M, Qadir J, Al-Fuqaha A, Hamdi M (2019) The adversarial machine learning conundrum: can the insecurity of ml become the Achilles’ heel of cognitive networks? IEEE Netw 34(1):196–203

  32. Peng X, Huang W, Shi Z (2019) Adversarial attack against dos intrusion detection: an improved boundary-based method. In: 2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI), pp 1288–1295. IEEE

  33. Abusnaina A, Khormali A, Nyang D, Yuksel M, Mohaisen A (2019) Examining the robustness of learning-based ddos detection in software defined networks. In: 2019 IEEE Conference on Dependable and Secure Computing (DSC), pp 1–8. IEEE

  34. Teuffenbach M, Piatkowska E, Smith P (2020) Subverting network intrusion detection: crafting adversarial examples accounting for domain-specific constraints. In: International Cross-Domain Conference for Machine Learning and Knowledge Extraction, pp 301–320. Springer

  35. Chauhan R, Heydari SS (2020) Polymorphic adversarial DDoS attack on ids using GAN. In: 2020 International Symposium on Networks, Computers and Communications (ISNCC), pp 1–6. IEEE

  36. Cheng Q, Zhou S, Shen Y, Kong D, Wu C (2021) Packet-level adversarial network traffic crafting using sequence generative adversarial networks. arXiv:2103.04794

  37. Yan Q, Wang M, Huang W, Luo X, Yu FR (2019) Automatically synthesizing dos attack traces using generative adversarial networks. Int J Mach Learn Cybern 10(12):3387–3396

    Article  Google Scholar 

  38. Han D, Wang Z, Zhong Y, Chen W, Yang J, Lu S, Shi X, Yin X (2020) Practical traffic-space adversarial attacks on learning-based nidss. arXiv:2005.07519

  39. Shu D, Leslie NO, Kamhoua CA, Tucker CS (2020) Generative adversarial attacks against intrusion detection systems using active learning. In: Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning, pp 1–6

  40. Merzouk, M.A., Cuppens, F., Boulahia-Cuppens, N., Yaich, R.: Investigating the practicality of adversarial evasion attacks on network intrusion detection. Annals of Telecommunications, 1–13 (2022)

  41. Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1:108–116

    Google Scholar 

  42. Valiant LG (1984) A theory of the learnable. Commun ACM 27(11):1134–1142

  43. Ankerst M, Breunig MM, Kriegel H-P, Sander J (1999) Optics: ordering points to identify the clustering structure. ACM Sigmod Rec 28(2):49–60

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, National Institute of Technology, Pauri-Garhwal, Srinagar, 246174, Uttarakhand, India

    Vivek Kumar & Maheep Singh

  2. Department of Computer Science and Engineering, THDC Institute of Hydropower Engineering and Technology, Tehri, 249124, Uttarakhand, India

    Vivek Kumar

  3. Department of Information Technology, IGDTUW, Delhi, 110006, India

    Kamal Kumar

Authors
  1. Vivek Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kamal Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maheep Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

Vivek Kumar: problem formulation, results and discussion.

Kamal Kumar: result analysis, data collection.

Maheep Singh: final editing, result analysis, and mathematical foundation.

Corresponding author

Correspondence to Vivek Kumar.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Kamal Kumar and Maheep Singh both contributed equally to this work.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kumar, V., Kumar, K. & Singh, M. Generating practical adversarial examples against learning-based network intrusion detection systems. Ann. Telecommun. (2024). https://doi.org/10.1007/s12243-024-01021-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s12243-024-01021-9

Keywords

Search

Navigation