Abstract
There has been a significant development in the design of intrusion detection systems (IDS) by using deep learning (DL)/machine learning (ML) methods for detecting threats in a computer network. Unfortunately, these DL/ML-based IDS are vulnerable to adversarial examples, wherein a malicious data sample can be slightly perturbed to cause a misclassification by an IDS while retaining its malicious properties. Unlike image recognition domain, the network domain has certain constraints known as domain constraints which are multifarious interrelationships and dependencies between features. To be considered as practical and realizable, an adversary must ensure that the adversarial examples comply with domain constraints. Recently, generative models like GANs and VAEs have been extensively used for generating adversarial examples against IDS. However, majority of these techniques generate adversarial examples which do not satisfy all domain constraints. Also, current generative methods lack explicit restrictions on the amount of perturbation which a malicious data sample undergoes during the crafting of adversarial examples, leading to the potential generation of invalid data samples. To address these limitations, a solution is presented in this work which utilize a variational autoencoder to generate adversarial examples that not only result in misclassification by an IDS, but also satisfy domain constraints. Instead of perturbing the data samples itself, the adversarial examples are crafted by perturbing the latent space representation of the data sample. It allows the generation of adversarial examples under limited perturbation. This research has explored the novel applications of generative networks for generating constraint satisfying adversarial examples. The experimental results support the claims with an attack success rate of 64.8\(\%\) against ML/DL-based IDS. The trained model can be integrated further into an operational IDS to strengthen its robustness against adversarial examples; however, this is out of scope of this work.
Similar content being viewed by others
Data Availability
The data is available on kaggle in https://www.kaggle.com/code/vivek9837/domain-constraint
Code Availability
The code along with the dataset is available on kaggle in https://www.kaggle.com/code/vivek9837/domain-constraint
References
Javaid A, Niyaz Q, Sun W, Alam M (2016) A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS), pp 21–26
Kumar V, Sangwan OP (2012) Signature based intrusion detection system using snort. Int J Comput Appl Inf Technol 1(3):35–41
Maseer ZK, Yusof R, Bahaman N, Mostafa SA, Foozy CFM (2021) Benchmarking of machine learning for anomaly based intrusion detection systems in the cicids2017 dataset. IEEE Access 9:22351–22370
Parrend P, Navarro J, Guigou F, Deruyver A, Collet P (2018) Foundations and applications of artificial intelligence for zero-day and multi-step attack detection. EURASIP J Inf Secur 2018(1):1–21
Chiba Z, Abghour N, Moussaid K, Rida M et al (2019) Intelligent approach to build a deep neural network based ids for cloud environment using combination of machine learning algorithms. Comput Secur 86:291–317
Sumaiya Thaseen I, Saira Banu J, Lavanya K, Rukunuddin Ghalib M, Abhishek K (2021) An integrated intrusion detection system using correlation-based attribute selection and artificial neural network. Trans Emerg Telecommun Technol 32(2):4014
Wisanwanichthan T, Thammawichai M (2021) A double-layered hybrid approach for network intrusion detection system using combined naive bayes and SVM. IEEE Access 9:138432–138450
Panigrahi R, Borah S, Bhoi AK, Ijaz MF, Pramanik M, Kumar Y, Jhaveri RH (2021) A consolidated decision tree-based intrusion detection system for binary and multiclass imbalanced datasets. Mathematics 9(7):751
Benaddi H, Ibrahimi K, Benslimane A (2018) Improving the intrusion detection system for NSL-KDD dataset based on PCA-fuzzy clustering-KNN. In: 2018 6th International Conference on Wireless Networks and Mobile Communications (WINCOM), pp 1–6. IEEE
Seo E, Song HM, Kim HK (2018) GIDS: GAN based intrusion detection system for in-vehicle network. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp 1–6. IEEE
Tramer F, Carlini N, Brendel W, Madry A (2020) On adaptive attacks to adversarial example defenses. Adv Neural Inf Process Syst 33:1633–1645
Xu Y, Du B, Zhang L (2020) Assessing the threat of adversarial examples on deep neural networks for remote sensing scene classification: attacks and defenses. IEEE Trans Geosci Remote Sens 59(2):1604–1617
Wiyatno RR, Xu A, Dia O, de Berker A (2019) Adversarial examples in modern machine learning: a review. arXiv:1911.05268
Alatwi HA, Morisset C (2021) Adversarial machine learning in network intrusion detection domain: a systematic review. arXiv:2112.03315
Sheatsley R, Hoak B, Pauley E, Beugin Y, Weisman MJ, McDaniel P (2021) On the robustness of domain constraints. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp 495–515
Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2013) Intriguing properties of neural networks. arXiv:1312.6199
Papernot N, McDaniel P, Jha S, Fredrikson M, Celik ZB, Swami A (2016) The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroS &P), pp 372–387. IEEE
Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 Ieee Symposium on Security and Privacy (sp), pp 39–57. IEEE
Moosavi-Dezfooli S-M, Fawzi A, Frossard P (2016) Deepfool: a simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp 2574–2582
Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. arXiv:1706.06083 (2017)
Kurakin A, Goodfellow IJ, Bengio S (2018) Adversarial examples in the physical world. In: Artificial Intelligence Safety and Security, pp 99–112. Chapman and Hall/CRC, ???
Moosavi-Dezfooli S-M, Fawzi A, Fawzi O, Frossard P (2017) Universal adversarial perturbations. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp 1765–1773
Chen J, Wu D, Zhao Y, Sharma N, Blumenstein M, Yu S (2021) Fooling intrusion detection systems using adversarially autoencoder. Digit Commun Netw 7(3):453–460
Usama M, Asim M, Latif S, Qadir J et al (2019) Generative adversarial networks for launching and thwarting adversarial attacks on network intrusion detection systems. In: 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), pp 78–83. IEEE
Zhong Y, Zhu Y, Wang Z, Yin X, Shi X, Li K (2020) An adversarial learning model for intrusion detection in real complex network environments. In: International Conference on Wireless Algorithms, Systems, and Applications, pp 794–806. Springer
Shieh C-S, Nguyen T-T, Lin W-W, Huang Y-L, Horng M-F, Lee T-F, Miu D (2022) Detection of adversarial DDoS attacks using generative adversarial networks with dual discriminators. Symmetry 14(1):66
Cheng Q, Zhou S, Shen Y, Kong D, Wu C (2021) Packet-level adversarial network traffic crafting using sequence generative adversarial networks. arXiv:2103.04794
Lin Z, Shi Y, Xue Z (2022) Idsgan: generative adversarial networks for attack generation against intrusion detection. In: Pacific-Asia Conference on Knowledge Discovery and Data Mining, pp 79–91. Springer
Li P, Zhao W, Liu Q, Liu X, Yu L (2018) Poisoning machine learning based wireless IDSs via stealing learning model. In: International Conference on Wireless Algorithms, Systems, and Applications, pp 261–273. Springer
Aiken J, Scott-Hayward S (2019) Investigating adversarial attacks against network intrusion detection systems in sdns. In: 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp 1–7. IEEE
Usama M, Qadir J, Al-Fuqaha A, Hamdi M (2019) The adversarial machine learning conundrum: can the insecurity of ml become the Achilles’ heel of cognitive networks? IEEE Netw 34(1):196–203
Peng X, Huang W, Shi Z (2019) Adversarial attack against dos intrusion detection: an improved boundary-based method. In: 2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI), pp 1288–1295. IEEE
Abusnaina A, Khormali A, Nyang D, Yuksel M, Mohaisen A (2019) Examining the robustness of learning-based ddos detection in software defined networks. In: 2019 IEEE Conference on Dependable and Secure Computing (DSC), pp 1–8. IEEE
Teuffenbach M, Piatkowska E, Smith P (2020) Subverting network intrusion detection: crafting adversarial examples accounting for domain-specific constraints. In: International Cross-Domain Conference for Machine Learning and Knowledge Extraction, pp 301–320. Springer
Chauhan R, Heydari SS (2020) Polymorphic adversarial DDoS attack on ids using GAN. In: 2020 International Symposium on Networks, Computers and Communications (ISNCC), pp 1–6. IEEE
Cheng Q, Zhou S, Shen Y, Kong D, Wu C (2021) Packet-level adversarial network traffic crafting using sequence generative adversarial networks. arXiv:2103.04794
Yan Q, Wang M, Huang W, Luo X, Yu FR (2019) Automatically synthesizing dos attack traces using generative adversarial networks. Int J Mach Learn Cybern 10(12):3387–3396
Han D, Wang Z, Zhong Y, Chen W, Yang J, Lu S, Shi X, Yin X (2020) Practical traffic-space adversarial attacks on learning-based nidss. arXiv:2005.07519
Shu D, Leslie NO, Kamhoua CA, Tucker CS (2020) Generative adversarial attacks against intrusion detection systems using active learning. In: Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning, pp 1–6
Merzouk, M.A., Cuppens, F., Boulahia-Cuppens, N., Yaich, R.: Investigating the practicality of adversarial evasion attacks on network intrusion detection. Annals of Telecommunications, 1–13 (2022)
Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1:108–116
Valiant LG (1984) A theory of the learnable. Commun ACM 27(11):1134–1142
Ankerst M, Breunig MM, Kriegel H-P, Sander J (1999) Optics: ordering points to identify the clustering structure. ACM Sigmod Rec 28(2):49–60
Author information
Authors and Affiliations
Contributions
Vivek Kumar: problem formulation, results and discussion.
Kamal Kumar: result analysis, data collection.
Maheep Singh: final editing, result analysis, and mathematical foundation.
Corresponding author
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Kamal Kumar and Maheep Singh both contributed equally to this work.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Kumar, V., Kumar, K. & Singh, M. Generating practical adversarial examples against learning-based network intrusion detection systems. Ann. Telecommun. (2024). https://doi.org/10.1007/s12243-024-01021-9
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s12243-024-01021-9