Mustafa Ahmed Elberri,Ümit Tokeşer,Javad Rahebi,Jose Manuel Lopez-Guede

DOI: https://doi.org/10.1007/s10207-024-00851-x

2024-05-08

International Journal of Information Security

Abstract:Phishing attacks pose a significant threat to online security, utilizing fake websites to steal sensitive user information. Deep learning techniques, particularly convolutional neural networks (CNNs), have emerged as promising tools for detecting phishing attacks. However, traditional CNN-based image classification methods face limitations in effectively identifying fake pages. To address this challenge, we propose an image-based coding approach for detecting phishing attacks using a CNN-LSTM hybrid model. This approach combines SMOTE, an enhanced GAN based on the Autoencoder network, and swarm intelligence algorithms to balance the dataset, select informative features, and generate grayscale images. Experiments on three benchmark datasets demonstrate that the proposed method achieves superior accuracy, precision, and sensitivity compared to other techniques, effectively identifying phishing attacks and enhancing online security.

computer science, information systems, theory & methods, software engineering

Momen Hesham,Mohamed Essam,Mohamed Bahaa,Ahmed Mohamed,Mohamed Gomaa,Mena Hany,Wael Elsersy

2024-07-08

Abstract:As these attacks become more and more difficult to see, the need for the great hi-tech models that detect them is undeniable. This paper examines and compares various machine learning as well as deep learning models to choose the most suitable ones for detecting and fighting against cybersecurity risks. The two datasets are used in the study to assess models like Naive Bayes, SVM, Random Forest, and deep learning architectures, i.e., VGG16, in the context of accuracy, precision, recall, and F1-score. Analysis shows that Random Forest and Extra Trees do better in terms of accuracy though in different aspects of the dataset characteristics and types of threat. This research not only emphasizes the strengths and weaknesses of each predictive model but also addresses the difficulties associated with deploying such technologies in the real-world environment, such as data dependency and computational demands. The research findings are targeted at cybersecurity professionals to help them select appropriate predictive models and configure them to strengthen the security measures against cyber threats completely.

Cryptography and Security

V. Kanimozhi,T. Prem Jacob

DOI: https://doi.org/10.1016/j.icte.2020.12.004

IF: 4.754

2021-09-01

ICT Express

Abstract:Our paramount task is to examine and detect network attacks, is one of the daunting tasks because the variety of attacks are day by day existing in colossal number. The program proposed detects botnet attacks using the newest CSE-CIC-IDS2018 cyber dataset published by the Canadian Cybersecurity Establishment (CIC). The cyber dataset can be accessed on AWS (Amazon Web Services). The realistic network dataset consists of all the modern and existing attacks such as Brute-force attacks and password cracking, Heartbleed, Botnet, DoS (Denial of Service), DDoS also known as Distributed Denial of Service, Web attacks i.e. vulnerable web app attacks, and infiltration of the network from inside. The objective of the proposed research is to identify a classification of Botnet attacks. Botnet attack is a Trojan Horse malware attack that poses a serious security threat to the banking and financial sectors. Since a specific classifier could possibly work for such datasets so it is crucial to finish a comparative examination of classifiers in order to achieve the most noteworthy execution in such basic detection of network attacks. The proposed framework is to incorporate different classifier methods such as KNearset Neighbor classifier, Naïve Bayes, Adaboost with Decision Tree, Support Vector Machine classifier, Random Forest classifier, and Artificial Intelligence to distinguish a portrayal of botnet attacks on the recent and realistic cyber dataset CSE-CIC-IDS2018. The results of the classification are given as precise precision for the specific classifiers.And furthermore, the proposed framework uses the Calibration curve is a standard approach in analytical methods which generates reliability diagrams to check the predicted probabilities of various classifiers are well-calibrated or not. Finally, the displayed graph proves how well the artificial intelligence technique outperforms all other classifiers. which generates reliability diagrams to check the predicted probabilities of various classifiers are well-calibrated or not.

computer science, information systems,telecommunications

Theodora Anastasiou,Sophia Karagiorgou,Petros Petrou,Dimitrios Papamartzivanos,Thanassis Giannetsos,Georgia Tsirigotaki,Jelle Keizer

DOI: https://doi.org/10.3390/s22186905

2022-09-13

Abstract:Adversarial machine learning (AML) is a class of data manipulation techniques that cause alterations in the behavior of artificial intelligence (AI) systems while going unnoticed by humans. These alterations can cause serious vulnerabilities to mission-critical AI-enabled applications. This work introduces an AI architecture augmented with adversarial examples and defense algorithms to safeguard, secure, and make more reliable AI systems. This can be conducted by robustifying deep neural network (DNN) classifiers and explicitly focusing on the specific case of convolutional neural networks (CNNs) used in non-trivial manufacturing environments prone to noise, vibrations, and errors when capturing and transferring data. The proposed architecture enables the imitation of the interplay between the attacker and a defender based on the deployment and cross-evaluation of adversarial and defense strategies. The AI architecture enables (i) the creation and usage of adversarial examples in the training process, which robustify the accuracy of CNNs, (ii) the evaluation of defense algorithms to recover the classifiers' accuracy, and (iii) the provision of a multiclass discriminator to distinguish and report on non-attacked and attacked data. The experimental results show promising results in a hybrid solution combining the defense algorithms and the multiclass discriminator in an effort to revitalize the attacked base models and robustify the DNN classifiers. The proposed architecture is ratified in the context of a real manufacturing environment utilizing datasets stemming from the actual production lines.

Óscar Mogollón Gutiérrez,José Carlos Sancho Núñez,Mar Ávila,Andrés Caro

DOI: https://doi.org/10.7717/peerj-cs.1975

2024-04-15

PeerJ Computer Science

Abstract:The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it’s crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffics. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one- vs -rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrates the effectiveness of proposed system for cyberattack detection and classification among nine widely known cyberattacks.

computer science, information systems, artificial intelligence, theory & methods

Ahmed Aldahdooh,Wassim Hamidouche,Olivier Déforges

DOI: https://doi.org/10.48550/arXiv.2103.05354

2021-06-21

Abstract:Security-sensitive applications that rely on Deep Neural Networks (DNNs) are vulnerable to small perturbations that are crafted to generate Adversarial Examples(AEs). The AEs are imperceptible to humans and cause DNN to misclassify them. Many defense and detection techniques have been proposed. Model's confidences and Dropout, as a popular way to estimate the model's uncertainty, have been used for AE detection but they showed limited success against black- and gray-box attacks. Moreover, the state-of-the-art detection techniques have been designed for specific attacks or broken by others, need knowledge about the attacks, are not consistent, increase model parameters overhead, are time-consuming, or have latency in inference time. To trade off these factors, we revisit the model's uncertainty and confidences and propose a novel unsupervised ensemble AE detection mechanism that 1) uses the uncertainty method called SelectiveNet, 2) processes model layers outputs, <a class="link-external link-http" href="http://i.e.feature" rel="external noopener nofollow">this http URL</a> maps, to generate new confidence probabilities. The detection method is called Selective and Feature based Adversarial Detection (SFAD). Experimental results show that the proposed approach achieves better performance against black- and gray-box attacks than the state-of-the-art methods and achieves comparable performance against white-box attacks. Moreover, results show that SFAD is fully robust against High Confidence Attacks (HCAs) for MNIST and partially robust for CIFAR10 datasets.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Ramy Maarouf,Danish Sattar,Ashraf Matrawy

DOI: https://doi.org/10.1109/iscc53001.2021.9631407

2021-09-05

Abstract:Machine learning and deep learning algorithms can be used to classify encrypted Internet traffic. Classification of encrypted traffic can become more challenging in the presence of adversarial attacks that target the learning algorithms. In this paper, we focus on investigating the effectiveness of different evasion attacks and see how resilient machine and deep learning algorithms are. Namely, we test C4.5 Decision Tree, K-Nearest Neighbor (KNN), Artificial Neural Network (ANN), Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN). In most of our experimental results, deep learning shows better resilience against the adversarial samples in comparison to machine learning. Whereas, the impact of the attack varies depending on the type of attack.

NVA Pavan Kumar Inguva,Oludotun Oni,Jacob Bryant

DOI: https://doi.org/10.48175/ijarsct-19438

2024-08-26

Abstract:Cyber security is like a race between defensive and offensive capabilities. Day by day the attacks are increasing consequently the preventive mechanisms are also raising. The technological evolution must address the cyber security problem effectively. Cyber security is always the cutting-edge technology to which Machine learning added potentiality. Machine learning plays a crucial role cyber-attacks in various dimensions. The recent advancements in usage of Machine learning towards cyber security preventive and detective measures clearly indicates that the Cyber security certainly accelerates. But at the same time the threat framework also takes the advent of innovative machine learning models. In this paper we are intended to explore various machine learning algorithms to classify cyber-attacks, which are very useful in designing efficient threat defensive models

James Msughter Adeke,Guangjie Liu,Junjie Zhao,Nannan Wu,Hafsat Muhammad Bashir

DOI: https://doi.org/10.3390/fi15120405

2023-12-17

Future Internet

Abstract:Machine learning (ML) models are essential to securing communication networks. However, these models are vulnerable to adversarial examples (AEs), in which malicious inputs are modified by adversaries to produce the desired output. Adversarial training is an effective defense method against such attacks but relies on access to a substantial number of AEs, a prerequisite that entails significant computational resources and the inherent limitation of poor performance on clean data. To address these problems, this study proposes a novel approach to improve the robustness of ML-based network traffic classification models by integrating derived variables (DVars) into training. Unlike adversarial training, our approach focuses on enhancing training using DVars, introducing randomness into the input data. DVars are generated from the baseline dataset and significantly improve the resilience of the model to AEs. To evaluate the effectiveness of DVars, experiments were conducted using the CSE-CIC-IDS2018 dataset and three state-of-the-art ML-based models: decision tree (DT), random forest (RF), and k-neighbors (KNN). The results show that DVars can improve the accuracy of KNN under attack from 0.45% to 0.84% for low-intensity attacks and from 0.32% to 0.66% for high-intensity attacks. Furthermore, both DT and RF achieve a significant increase in accuracy when subjected to attack of different intensity. Moreover, DVars are computationally efficient, scalable, and do not require access to AEs.

João Vitorino,Miguel Silva,Eva Maia,Isabel Praça

2024-04-06

Abstract:The growing cybersecurity threats make it essential to use high-quality data to train Machine Learning (ML) models for network traffic analysis, without noisy or missing data. By selecting the most relevant features for cyber-attack detection, it is possible to improve both the robustness and computational efficiency of the models used in a cybersecurity system. This work presents a feature selection and consensus process that combines multiple methods and applies them to several network datasets. Two different feature sets were selected and were used to train multiple ML models with regular and adversarial training. Finally, an adversarial evasion robustness benchmark was performed to analyze the reliability of the different feature sets and their impact on the susceptibility of the models to adversarial examples. By using an improved dataset with more data diversity, selecting the best time-related features and a more specific feature set, and performing adversarial training, the ML models were able to achieve a better adversarially robust generalization. The robustness of the models was significantly improved without their generalization to regular traffic flows being affected, without increases of false alarms, and without requiring too many computational resources, which enables a reliable detection of suspicious activity and perturbed traffic flows in enterprise computer networks.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Ahmed Aldahdooh,Wassim Hamidouche,Olivier Déforges

DOI: https://doi.org/10.1007/s10489-022-03373-y

IF: 5.3

2022-04-19

Applied Intelligence

Abstract:Security-sensitive applications that rely on Deep Neural Networks (DNNs) are vulnerable to small perturbations that are crafted to generate Adversarial Examples. The (AEs) are imperceptible to humans and cause DNN to misclassify them. Many defense and detection techniques have been proposed. Model's confidences and Dropout, as a popular way to estimate the model's uncertainty, have been used for AE detection but they showed limited success against black- and gray-box attacks. Moreover, the state-of-the-art detection techniques have been designed for specific attacks or broken by others, need knowledge about the attacks, are not consistent, increase model parameters overhead, are time-consuming, or have latency in inference time. To trade off these factors, we revisit the model's uncertainty and confidences and propose a novel unsupervised ensemble AE detection mechanism that 1) uses the uncertainty method called SelectiveNet, 2) processes model layers outputs, i.e. feature maps, to generate new confidence probabilities. The detection method is called SFAD. Experimental results show that the proposed approach achieves better performance against black- and gray-box attacks than the state-of-the-art methods and achieves comparable performance against white-box attacks. Moreover, results show that SFAD is fully robust against High Confidence Attacks (HCAs) for MNIST and partially robust for CIFAR10 datasets.1

computer science, artificial intelligence

Atul Kumar,Sameep Mehta

DOI: https://doi.org/10.48550/arXiv.1707.03184

2017-07-11

Abstract:Machine learning based system are increasingly being used for sensitive tasks such as security surveillance, guiding autonomous vehicle, taking investment decisions, detecting and blocking network intrusion and malware etc. However, recent research has shown that machine learning models are venerable to attacks by adversaries at all phases of machine learning (eg, training data collection, training, operation). All model classes of machine learning systems can be misled by providing carefully crafted inputs making them wrongly classify inputs. Maliciously created input samples can affect the learning process of a ML system by either slowing down the learning process, or affecting the performance of the learned mode, or causing the system make error(s) only in attacker's planned scenario. Because of these developments, understanding security of machine learning algorithms and systems is emerging as an important research area among computer security and machine learning researchers and practitioners. We present a survey of this emerging area in machine learning.

Artificial Intelligence,Cryptography and Security,Machine Learning

N. G. Bhuvaneswari Amma

DOI: https://doi.org/10.1007/s10586-022-03577-4

2022-03-18

Cluster Computing

Abstract:Nowadays with the exponential rise of traffic over large scale networks, Internet is vulnerable to increased number of cyber attacks. The cyber attacks attempt to steal, alter, or destroy information through unauthorized access to systems. Recently, deep learning techniques have been proposed to detect cyber attacks. The existing deep learning based detection systems perform static detection of attacks failing to capture unknown attacks happening in evolving large network traffic. The unknown attacks could be detected on the fly if a generalizable model is designed for each evolving class of network traffic. This is effectively represented in the proposed Vector Convolutional Deep Autonomous Learning (VCDAL) classifier to detect cyber attacks in the network traffic data streams. The proposed VCDAL classifier extracts the features using vector convolutional neural network, learns the features automatically using incremental learning with distilled cross entropy, and classifies the evolving network traffic using softmax function. The proposed classifier was tested by conducting experiments on benchmark network traffic datasets and it is obvious that the proposed classifier can possibly recognize both known and unknown cyber attacks. Furthermore, it is observed from the comparative analysis that the proposed VCDAL classifier exhibits significant results compared to the existing base classifiers and state-of-the-art deep learning approaches.

Fawaz Waselallah Alsaade,Mosleh Hmoud Al-Adhaileh

DOI: https://doi.org/10.3390/s23084086

2023-04-18

Abstract:Connected and autonomous vehicles (CAVs) present exciting opportunities for the improvement of both the mobility of people and the efficiency of transportation systems. The small computers in autonomous vehicles (CAVs) are referred to as electronic control units (ECUs) and are often perceived as being a component of a broader cyber-physical system. Subsystems of ECUs are often networked together via a variety of in-vehicle networks (IVNs) so that data may be exchanged, and the vehicle can operate more efficiently. The purpose of this work is to explore the use of machine learning and deep learning methods in defence against cyber threats to autonomous cars. Our primary emphasis is on identifying erroneous information implanted in the data buses of various automobiles. In order to categorise this type of erroneous data, the gradient boosting method is used, providing a productive illustration of machine learning. To examine the performance of the proposed model, two real datasets, namely the Car-Hacking and UNSE-NB15 datasets, were used. Real automated vehicle network datasets were used in the verification process of the proposed security solution. These datasets included spoofing, flooding and replay attacks, as well as benign packets. The categorical data were transformed into numerical form via pre-processing. Machine learning and deep learning algorithms, namely k-nearest neighbour (KNN) and decision trees, long short-term memory (LSTM), and deep autoencoders, were employed to detect CAN attacks. According to the findings of the experiments, using the decision tree and KNN algorithms as machine learning approaches resulted in accuracy levels of 98.80% and 99%, respectively. On the other hand, the use of LSTM and deep autoencoder algorithms as deep learning approaches resulted in accuracy levels of 96% and 99.98%, respectively. The maximum accuracy was achieved when using the decision tree and deep autoencoder algorithms. Statistical analysis methods were used to analyse the results of the classification algorithms, and the determination coefficient measurement for the deep autoencoder was found to reach a value of R2 = 95%. The performance of all of the models that were built in this way surpassed that of those already in use, with almost perfect levels of accuracy being achieved. The system developed is able to overcome security issues in IVNs.

Ayesha Sarwar,Muhammad Faheem Mushtaq,Urooj Akram,Furqan Rustam,Ameer Hamza,Vaibhav Rupapara,Saleem Ullah

DOI: https://doi.org/10.1007/s12652-023-04666-x

IF: 3.662

2023-08-14

Journal of Ambient Intelligence and Humanized Computing

Abstract:Internet usage is increasing day by day all over the world and as a result, technology is also developing to make daily life appliances as smart as possible. Millions of devices are connected using IoT technology, and the vulnerabilities of these devices are still exploitable by attackers. Having access to IoT devices through a Bot Master allows the Bot Master to attack a targeted server with these devices. To detect malicious traffic in IoT networks, there is a need for an intelligent mechanism. Although there have been many studies on the detection of botnet malware, accuracy and efficiency remain a gap. This study focuses on an automatic system that can detect botnet malware with high accuracy. A new ensemble model has been proposed in this study, known as the Extra Tree Random Voting Ensemble Classifier (ER-VEC), which is a combination of two tree-based models called Extra Tree and Random Forest. The proposed model is tested on several malicious traffic in the IoT networks datasets such as IoTID20, MedBIoT, UNSW-NB15, N-BaIoT, and ER-VEC achieving 99.99%, 99.91%, 95.64%, and 100% accuracy scores, respectively. In comparison with the proposed model, other machine learning models were also employed, and ER-VEC significantly outperformed them in terms of accuracy, precision, recall, F1-score, and error rate across all datasets. In addition, we performed K-Fold cross-validation and found that ER-VEC achieved an accuracy score of 98% and a standard deviation of 0.04±.

computer science, information systems,telecommunications, artificial intelligence

Charles Meyers,Mohammad Reza Saleh Sedghpour,Tommy Löfstedt,Erik Elmroth

2024-09-12

Abstract:Machine learning models -- deep neural networks in particular -- have performed remarkably well on benchmark datasets across a wide variety of domains. However, the ease of finding adversarial counter-examples remains a persistent problem when training times are measured in hours or days and the time needed to find a successful adversarial counter-example is measured in seconds. Much work has gone into generating and defending against these adversarial counter-examples, however the relative costs of attacks and defences are rarely discussed. Additionally, machine learning research is almost entirely guided by test/train metrics, but these would require billions of samples to meet industry standards. The present work addresses the problem of understanding and predicting how particular model hyper-parameters influence the performance of a model in the presence of an adversary. The proposed approach uses survival models, worst-case examples, and a cost-aware analysis to precisely and accurately reject a particular model change during routine model training procedures rather than relying on real-world deployment, expensive formal verification methods, or accurate simulations of very complicated systems (\textit{e.g.}, digitally recreating every part of a car or a plane). Through an evaluation of many pre-processing techniques, adversarial counter-examples, and neural network configurations, the conclusion is that deeper models do offer marginal gains in survival times compared to more shallow counterparts. However, we show that those gains are driven more by the model inference time than inherent robustness properties. Using the proposed methodology, we show that ResNet is hopelessly insecure against even the simplest of white box attacks.

Machine Learning,Artificial Intelligence,Computer Vision and Pattern Recognition

Latifah Almuqren,Fuad Al-Mutiri,Mashael Maashi,Heba Mohsen,Anwer Mustafa Hilal,Mohamed Ibrahim Alsaid,Suhanda Drar,Sitelbanat Abdelbagi

DOI: https://doi.org/10.3390/s23104804

2023-05-16

Abstract:A Cyber-Physical System (CPS) is a network of cyber and physical elements that interact with each other. In recent years, there has been a drastic increase in the utilization of CPSs, which makes their security a challenging problem to address. Intrusion Detection Systems (IDSs) have been used for the detection of intrusions in networks. Recent advancements in the fields of Deep Learning (DL) and Artificial Intelligence (AI) have allowed the development of robust IDS models for the CPS environment. On the other hand, metaheuristic algorithms are used as feature selection models to mitigate the curse of dimensionality. In this background, the current study presents a Sine-Cosine-Adopted African Vultures Optimization with Ensemble Autoencoder-based Intrusion Detection (SCAVO-EAEID) technique to provide cybersecurity in CPS environments. The proposed SCAVO-EAEID algorithm focuses mainly on the identification of intrusions in the CPS platform via Feature Selection (FS) and DL modeling. At the primary level, the SCAVO-EAEID technique employs Z-score normalization as a preprocessing step. In addition, the SCAVO-based Feature Selection (SCAVO-FS) method is derived to elect the optimal feature subsets. An ensemble Deep-Learning-based Long Short-Term Memory-Auto Encoder (LSTM-AE) model is employed for the IDS. Finally, the Root Means Square Propagation (RMSProp) optimizer is used for hyperparameter tuning of the LSTM-AE technique. To demonstrate the remarkable performance of the proposed SCAVO-EAEID technique, the authors used benchmark datasets. The experimental outcomes confirmed the significant performance of the proposed SCAVO-EAEID technique over other approaches with a maximum accuracy of 99.20%.

Iqbal H. Sarker

DOI: https://doi.org/10.1002/spy2.295

2023-01-12

Security and Privacy

Abstract:Due to the rising dependency on digital technology, cybersecurity has emerged as a more prominent field of research and application that typically focuses on securing devices, networks, systems, data and other resources from various cyber‐attacks, threats, risks, damages, or unauthorized access. Artificial intelligence (AI), also referred to as a crucial technology of the current Fourth Industrial Revolution (Industry 4.0 or 4IR), could be the key to intelligently dealing with these cyber issues. Various forms of AI methodologies, such as analytical, functional, interactive, textual as well as visual AI can be employed to get the desired cyber solutions according to their computational capabilities. However, the dynamic nature and complexity of real‐world situations and data gathered from various cyber sources make it challenging nowadays to build an effective AI‐based security model. Moreover, defending robustly against adversarial attacks is still an open question in the area. In this article, we provide a comprehensive view on "Cybersecurity Intelligence and Robustness," emphasizing multi‐aspects AI‐based modeling and adversarial learning that could lead to addressing diverse issues in various cyber applications areas such as detecting malware or intrusions, zero‐day attacks, phishing, data breach, cyberbullying and other cybercrimes. Thus the eventual security modeling process could be automated, intelligent, and robust compared to traditional security systems. We also emphasize and draw attention to the future aspects of cybersecurity intelligence and robustness along with the research direction within the context of our study. Overall, our goal is not only to explore AI‐based modeling and pertinent methodologies but also to focus on the resulting model's applicability for securing our digital systems and society.

Jona Klemenc,Holger Trittenbach

DOI: https://doi.org/10.48550/arXiv.2301.12151

2023-01-28

Abstract:Regulation, legal liabilities, and societal concerns challenge the adoption of AI in safety and security-critical applications. One of the key concerns is that adversaries can cause harm by manipulating model predictions without being detected. Regulation hence demands an assessment of the risk of damage caused by adversaries. Yet, there is no method to translate this high-level demand into actionable metrics that quantify the risk of damage. In this article, we propose a method to model and statistically estimate the probability of damage arising from adversarial attacks. We show that our proposed estimator is statistically consistent and unbiased. In experiments, we demonstrate that the estimation results of our method have a clear and actionable interpretation and outperform conventional metrics. We then show how operators can use the estimation results to reliably select the model with the lowest risk.

Machine Learning,Artificial Intelligence

Giovanni Apruzzese,Mauro Andreolini,Luca Ferretti,Mirco Marchetti,Michele Colajanni

DOI: https://doi.org/10.1145/3469659

2021-06-19

Digital Threats: Research and Practice

Abstract:The incremental diffusion of machine learning algorithms in supporting cybersecurity is creating novel defensive opportunities but also new types of risks. Multiple researches have shown that machine learning methods are vulnerable to adversarial attacks that create tiny perturbations aimed at decreasing the effectiveness of detecting threats. We observe that existing literature assumes threat models that are inappropriate for realistic cybersecurity scenarios because they consider opponents with complete knowledge about the cyber detector or that can freely interact with the target systems. By focusing on Network Intrusion Detection Systems based on machine learning, we identify and model the real capabilities and circumstances required by attackers to carry out feasible and successful adversarial attacks. We then apply our model to several adversarial attacks proposed in literature and highlight the limits and merits that can result in actual adversarial attacks. The contributions of this paper can help hardening defensive systems by letting cyber defenders address the most critical and real issues, and can benefit researchers by allowing them to devise novel forms of adversarial attacks based on realistic threat models.