Back to Search
Start Over
Tiki-Taka
- Source :
- CCSW@CCS, Zhang, C, Costa-Perez, X & Patras, P 2020, Tiki-Taka: Attacking and Defending Deep Learning-based Intrusion Detection Systems . in Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop . pp. 27-39, The ACM Cloud Computing Security Workshop 2020, Orlando (possibly virtual), Florida, United States, 9/11/20 . https://doi.org/10.1145/3411495.3421359
- Publication Year :
- 2020
- Publisher :
- ACM, 2020.
-
Abstract
- Neural networks are increasingly important in the developmentof Network Intrusion Detection Systems (NIDS), as they have the potential to achieve high detection accuracy while requiring limited feature engineering. Deep learning-based detectors can be however vulnerable to adversarial examples, by which attackers that maybe oblivious to the precise mechanics of the targeted NIDS add subtle perturbations to malicious traffic features, with the aim of evading detection and disrupting critical systems in a cost-effective manner. Defending against such adversarial attacks is therefore of high importance, but requires to address daunting challenges.In this paper, we introduce Tiki-Taka, a general framework for (i) assessing the robustness of state-of-the-art deep learning-based NIDS against adversarial manipulations, and which (ii) incorporates our proposed defense mechanisms to increase the NIDS’ resistance to attacks employing such evasion techniques. Specifically, we select five different cutting-edge adversarial attack mechanisms to subvert three popular malicious traffic detectors that employ neural networks. We experiment with a publicly available dataset and consider both one-to-all and one-to-one classification scenarios, i.e., discriminating illicit vs benign traffic and respectively identifying specific types of anomalous traffic among many observed. The results obtained reveal that, under realistic constraints, attackers can evade NIDS with up to 35.7% success rates, by only altering time-based features of the traffic generated. To counteract these weaknesses, we propose three defense mechanisms, namely: model voting ensembling, ensembling adversarial training, and query detection. To the best of our knowledge, our work is the first to propose defenses against adversarial attacks targeting NIDS. We demonstrate that when employing the proposed methods, intrusion detection rates can be improved to nearly 100% against most types of malicious traffic, and attacks with potentially catastrophic consequences (e.g., botnet) can be thwarted. This confirms the effectiveness of our solutions and makes the case for their adoption when designing robust and reliable deep anomaly detectors
- Subjects :
- Feature engineering
Artificial neural network
business.industry
Computer science
Deep learning
ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS
Botnet
Evasion (network security)
020206 networking & telecommunications
02 engineering and technology
Intrusion detection system
Network Intrusion Detection Systems
Computer security
computer.software_genre
Adversarial system
Deep Learning
Robustness (computer science)
0202 electrical engineering, electronic engineering, information engineering
020201 artificial intelligence & image processing
Artificial intelligence
business
computer
Adversarial Attacks
Subjects
Details
- Database :
- OpenAIRE
- Journal :
- Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop
- Accession number :
- edsair.doi.dedup.....f5496e1e6063f5c2b81c7e012da68814
- Full Text :
- https://doi.org/10.1145/3411495.3421359