Degrading Detection Performance of Wireless IDSs Through Poisoning Feature Selection

  • Yifan Dong
  • Peidong Zhu
  • Qiang Liu
  • Yingwen Chen
  • Peng Xun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10874)


Machine learning algorithms have been increasingly adopted in Intrusion Detection Systems (IDSs) and achieved demonstrable results, but few studies have considered intrinsic vulnerabilities of these algorithms in adversarial environment. In our work, we adopt poisoning attack to influence the accuracy of wireless IDSs that adopt feature selection algorithms. Specifically, we adopt the gradient poisoning method to generate adversarial examples which induce classifier to select a feature subset to make the classification error rate biggest. We consider the box-constrained problem and use Lagrange multiplier and backtracking line search to find the feasible gradient. To evaluate our method, we experimentally demonstrate that our attack method can influence machine learning, including filter and embedded feature selection algorithms using three benchmark network public datasets and a wireless sensor network dataset, i.e., KDD99, NSL-KDD, Kyoto 2006+ and WSN-DS. Our results manifest that gradient poisoning method causes a significant drop in the classification accuracy of IDSs about 20%.


Gradient poisoning IDS Feature selection Adversarial examples 



This work is supported by the National Nature Science Foundation of China under Grant Nos. 61572514 and 61702539.


  1. 1.
    Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial perturbations against deep neural networks for malware classification. arXiv preprint arXiv:1606.04435 (2016)
  2. 2.
    Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers. In: Proceedings of the 2016 Network and Distributed Systems Symposium (2016)Google Scholar
  3. 3.
    Tibshirani, R.: Regression shrinkage and selection via the lasso. J. R. Stat. Soc. Ser. B (Methodol.) 58, 267–288 (1996)MathSciNetzbMATHGoogle Scholar
  4. 4.
    Hoerl, A.E., Kennard, R.W.: Ridge regression: biased estimation for nonorthogonal problems. Technometrics 12(1), 55–67 (1970)CrossRefGoogle Scholar
  5. 5.
    Zou, H., Hastie, T.: Regularization and variable selection via the elastic net. J. R. Stat. Soc.: Ser. B (Stat. Methodol.) 67(2), 301–320 (2005)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Ambusaidi, M.A., He, X., Nanda, P., Tan, Z.: Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans. Comput. 65(10), 2986–2998 (2016)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Abraham, A., Jain, R., Thomas, J., Han, S.Y.: D-SCIDS: distributed soft computing intrusion detection system. J. Netw. Comput. Appl. 30(1), 81–98 (2007)CrossRefGoogle Scholar
  8. 8.
    Chebrolu, S., Abraham, A., Thomas, J.P.: Feature deduction and ensemble design of intrusion detection systems. Comput. Secur. 24(4), 295–307 (2005)CrossRefGoogle Scholar
  9. 9.
    Chen, Y., Abraham, A., Yang, B.: Feature selection and classification using flexible neural tree. Neurocomputing 70(1–3), 305–313 (2006)CrossRefGoogle Scholar
  10. 10.
    Mukkamala, S., Sung, A.H.: Significant feature selection using computational intelligent techniques for intrusion detection. In: Bandyopadhyay, S., Maulik, U., Holder, L.B., Cook, D.J. (eds.) Advanced Methods for Knowledge Discovery from Complex Data, pp. 285–306. Springer, London (2005). Scholar
  11. 11.
    Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 16–25. ACM (2006)Google Scholar
  12. 12.
    Liu, Q., Li, P., Zhao, W., Cai, W., Yu, S.: A survey on security threats and defensive techniques of machine learning: a data driven view. IEEE Access 99, 1 (2018)Google Scholar
  13. 13.
    Wittel, G.L., Wu, S.F.: On attacking statistical spam filters. In: CEAS (2004)Google Scholar
  14. 14.
    Šrndic, N., Laskov, P.: Detection of malicious pdf files based on hierarchical document structure. In: Proceedings of the 20th Annual Network & Distributed System Security Symposium, pp. 1–16 (2013)Google Scholar
  15. 15.
    Biggio, B., Fumera, G., Roli, F.: Security evaluation of pattern classifiers under attack. IEEE Trans. Knowl. Data Eng. 26(4), 984–996 (2014)CrossRefGoogle Scholar
  16. 16.
    Xiao, H., Biggio, B., Brown, G., Fumera, G., Eckert, C., Roli, F.: Is feature selection secure against training data poisoning? In: International Conference on Machine Learning, pp. 1689–1698 (2015)Google Scholar
  17. 17.
    Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D., Nakao, K.: Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation. In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 29–36. ACM (2011)Google Scholar
  18. 18.
    Almomani, I., Al-Kasasbeh, B., Al-Akhras, M.: WSN-DS: a dataset for intrusion detection systems in wireless sensor networks. J. Sens. 2016(2), 1–16 (2016)CrossRefGoogle Scholar
  19. 19.
    Kuncheva, L.I.: A stability index for feature selection. In: Artificial Intelligence and applications, pp. 421–427 (2007)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.National University of Defense TechnologyChangshaChina
  2. 2.Changsha UniversityChangshaChina

Personalised recommendations