Preprint
Article
Defending The Defender: Detecting Adversarial Examples For Network Intrusion Detection Systems.
Altmetrics
Downloads
321
Views
248
Comments
0
This version is not peer-reviewed
Machine Learning in Communication Systems and Networks
Submitted:
15 December 2022
Posted:
22 December 2022
You are already at the latest version
Alerts
Abstract
The advancement in network security threats led to the development of new Intrusion Detection Systems(IDS) that rely on deep learning algorithms known as deep IDS. Along with other systems based on deep learning, deep IDS suffer from adversarial examples: malicious inputs aiming to change the prediction of a machine learning/deep learning model. Protecting deep learning against adversarial examples remains an open challenge. In this paper, we propose “NIDS-Defend” a framework to enhance the robustness of Network IDS against adversarial attacks. Our framework is composed of two layers: a statistical test and a classifier that together detect adversarial examples in real-time. The detection process consists of two steps: (1) flagging flows that contain adversarial examples with a statistical test, and (2) extracting individual adversarial examples in the previously flagged flows with a classifier. Our approach is evaluated on binary IDS with the NSL-KDD dataset. To generate adversarial examples, the crafting methods used are (1) Boundary attack and (2) HopSkipJumpAttack. We investigate the vulnerabilities of a Network IDS against adversarial examples, then apply our defense. The statistical test can confidently distinguish adversarial flows with more than 95% accuracy, and the classifier detects individual adversarial examples with more than 80% accuracy. We also show that our framework detects adversarial examples crafted by an adversary aware of the defense and confirm the effectiveness of our solution against adversarial attacks.
Keywords:
Subject: Computer Science and Mathematics - Artificial Intelligence and Machine Learning
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
MDPI Initiatives
Important Links
© 2024 MDPI (Basel, Switzerland) unless otherwise stated