Shreya Ghosh,Abu Shafin Mohammad Mahdee Jameel,Aly El Gamal

2024-01-08

Abstract:Network Intrusion Detection Systems (IDS) aim to detect the presence of an intruder by analyzing network packets arriving at an internet connected device. Data-driven deep learning systems, popular due to their superior performance compared to traditional IDS, depend on availability of high quality training data for diverse intrusion classes. A way to overcome this limitation is through transferable learning, where training for one intrusion class can lead to detection of unseen intrusion classes after deployment. In this paper, we provide a detailed study on the transferability of intrusion detection. We investigate practical federated learning configurations to enhance the transferability of intrusion detection. We propose two techniques to significantly improve the transferability of a federated intrusion detection system. The code for this work can be found at

Cryptography and Security,Machine Learning,Signal Processing

Islam Debicha,Thibault Debatty,Jean-Michel Dricot,Wim Mees,Tayeb Kenaza

DOI: https://doi.org/10.1007/978-981-16-8059-5_20

2021-12-23

Abstract:In the last decade, the use of Machine Learning techniques in anomaly-based intrusion detection systems has seen much success. However, recent studies have shown that Machine learning in general and deep learning specifically are vulnerable to adversarial attacks where the attacker attempts to fool models by supplying deceptive input. Research in computer vision, where this vulnerability was first discovered, has shown that adversarial images designed to fool a specific model can deceive other machine learning models. In this paper, we investigate the transferability of adversarial network traffic against multiple machine learning-based intrusion detection systems. Furthermore, we analyze the robustness of the ensemble intrusion detection system, which is notorious for its better accuracy compared to a single model, against the transferability of adversarial attacks. Finally, we examine Detect & Reject as a defensive mechanism to limit the effect of the transferability property of adversarial network traffic against machine learning-based intrusion detection systems.

Cryptography and Security,Machine Learning

Ehsan Nowroozi,Yassine Mekdad,Mohammad Hajian Berenjestanaki,Mauro Conti,Abdeslam EL Fergougui

DOI: https://doi.org/10.48550/arXiv.2110.04488

2022-03-31

Abstract:Convolutional Neural Networks (CNNs) models are one of the most frequently used deep learning networks, and extensively used in both academia and industry. Recent studies demonstrated that adversarial attacks against such models can maintain their effectiveness even when used on models other than the one targeted by the attacker. This major property is known as transferability, and makes CNNs ill-suited for security applications. In this paper, we provide the first comprehensive study which assesses the robustness of CNN-based models for computer networks against adversarial transferability. Furthermore, we investigate whether the transferability property issue holds in computer networks applications. In our experiments, we first consider five different attacks: the Iterative Fast Gradient Method (I-FGSM), the Jacobian-based Saliency Map (JSMA), the Limited-memory Broyden Fletcher Goldfarb Shanno BFGS (L- BFGS), the Projected Gradient Descent (PGD), and the DeepFool attack. Then, we perform these attacks against three well- known datasets: the Network-based Detection of IoT (N-BaIoT) dataset, the Domain Generating Algorithms (DGA) dataset, and the RIPE Atlas dataset. Our experimental results show clearly that the transferability happens in specific use cases for the I- FGSM, the JSMA, and the LBFGS attack. In such scenarios, the attack success rate on the target network range from 63.00% to 100%. Finally, we suggest two shielding strategies to hinder the attack transferability, by considering the Most Powerful Attacks (MPAs), and the mismatch LSTM architecture.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning,Networking and Internet Architecture

Peilun Wu,Hui Guo,Richard Buckland

DOI: https://doi.org/10.1109/ICBDA.2019.8713213

2019-12-19

Abstract:Convolution Neural Network (ConvNet) offers a high potential to generalize input data. It has been widely used in many application areas, such as visual imagery, where comprehensive learning datasets are available and a ConvNet model can be well trained and perform the required function effectively. ConvNet can also be applied to network intrusion detection. However, the currently available datasets related to the network intrusion are often inadequate, which makes the ConvNet learning deficient, hence the trained model is not competent in detecting unknown intrusions. In this paper, we propose a ConvNet model using transfer learning for network intrusion detection. The model consists of two concatenated ConvNets and is built on a two-stage learning process: learning a base dataset and transferring the learned knowledge to the learning of the target dataset. Our experiments on the NSL-KDD dataset show that the proposed model can improve the detection accuracy not only on the test dataset containing mostly known attacks (KDDTest+) but also on the test dataset featuring many novel attacks (KDDTest-21) -- about 2.68\% improvement on KDDTest+ and 22.02\% on KDDTest-21 can be achieved, as compared to the traditional ConvNet model.

Machine Learning,Cryptography and Security,Networking and Internet Architecture

Yuhao Mao,Chong Fu,Saizhuo Wang,Shouling Ji,Xuhong Zhang,Zhenguang Liu,Jun Zhou,Alex X. Liu,Raheem Beyah,Ting Wang

DOI: https://doi.org/10.1109/sp46214.2022.9833783

2022-01-01

Abstract:One intriguing property of adversarial attacks is their “transferability” – an adversarial example crafted with respect to one deep neural network (DNN) model is often found effective against other DNNs as well. Intensive research has been conducted on this phenomenon under simplistic controlled conditions. Yet, thus far there is still a lack of comprehensive understanding about transferability-based attacks (“transfer attacks”) in real-world environments.To bridge this critical gap, we conduct the first large-scale systematic empirical study of transfer attacks against major cloud-based MLaaS platforms, taking the components of a real transfer attack into account. The study leads to a number of interesting findings which are inconsistent to the existing ones, including: (i) Simple surrogates do not necessarily improve real transfer attacks. (ii) No dominant surrogate architecture is found in real transfer attacks. (iii) It is the gap between posterior (output of the softmax layer) rather than the gap between logit (so-called κ value) that increases transferability. Moreover, by comparing with prior works, we demonstrate that transfer attacks possess many previously unknown properties in real-world environments, such as (i) Model similarity is not a well-defined concept. (ii) L 2 norm of perturbation can generate high transferability without usage of gradient and is a more powerful source than L ∞ norm. We believe this work sheds light on the vulnerabilities of popular MLaaS platforms and points to a few promising research directions. 1

Gang Wang,Dong Liu,Chunrui Zhang,Teng Hu

DOI: https://doi.org/10.3390/app132112033

2023-01-01

Applied Sciences

Abstract:Cybersecurity faces constant challenges from increasingly sophisticated network attacks. Recent research shows machine learning can improve attack detection by training models on large labeled datasets. However, obtaining sufficient labeled data is difficult for internal networks. We propose a deep transfer learning model to learn common knowledge from domains with different features and distributions. The model has two feature projection networks to transform heterogeneous features into a common space, and a classification network then predicts transformed features into labels. To align probability distributions for two domains, maximum mean discrepancy (MMD) is used to compute distribution distance alongside classification loss. Though the target domain only has a few labeled samples, unlabeled samples are adequate for computing MMD to align unconditional distributions. In addition, we apply a soft classification scheme on unlabeled data to compute MMD over classes to further align conditional distributions. Experiments between NSL-KDD, UNSW-NB15, and CICIDS2017 validate that the method substantially improves cross-domain network attack detection accuracy.

Shuiping Gou,Yuqin Wang,Licheng Jiao,Jing Feng,Yao

DOI: https://doi.org/10.1109/ispa.2009.92

2009-01-01

Abstract:In order to solve the problem that there exists unbalanced detection performance on different types of attacks in current large-scale network intrusion detection algorithms, Distributed Transfer Network Learning algorithm is proposed in this paper. The algorithm introduces transfer learning into Distributed Network Boosting algorithm for instructing the attacks learning with poor performance, in which the instances transfer learning is adopted for different domain adaptation. The experimental results on the Kdd Cup’99 Data Set show that the proposed algorithm has higher efficacy and better performance. Further, the detection accuracy of R2L attacks has been improved greatly while maintaining higher detection accuracy of other attack types.

Jindong Gu,Xiaojun Jia,Pau de Jorge,Wenqain Yu,Xinwei Liu,Avery Ma,Yuan Xun,Anjun Hu,Ashkan Khakzar,Zhijiang Li,Xiaochun Cao,Philip Torr

2024-05-02

Abstract:The emergence of Deep Neural Networks (DNNs) has revolutionized various domains by enabling the resolution of complex tasks spanning image recognition, natural language processing, and scientific problem-solving. However, this progress has also brought to light a concerning vulnerability: adversarial examples. These crafted inputs, imperceptible to humans, can manipulate machine learning models into making erroneous predictions, raising concerns for safety-critical applications. An intriguing property of this phenomenon is the transferability of adversarial examples, where perturbations crafted for one model can deceive another, often with a different architecture. This intriguing property enables black-box attacks which circumvents the need for detailed knowledge of the target model. This survey explores the landscape of the adversarial transferability of adversarial examples. We categorize existing methodologies to enhance adversarial transferability and discuss the fundamental principles guiding each approach. While the predominant body of research primarily concentrates on image classification, we also extend our discussion to encompass other vision tasks and beyond. Challenges and opportunities are discussed, highlighting the importance of fortifying DNNs against adversarial vulnerabilities in an evolving landscape.

Computer Vision and Pattern Recognition

Harsh Dhillon,Anwar Haque

DOI: https://doi.org/10.1109/TrustCom50675.2020.00144

2021-01-04

Abstract:Network traffic is growing at an outpaced speed globally. The modern network infrastructure makes classic network intrusion detection methods inefficient to classify an inflow of vast network traffic. This paper aims to present a modern approach towards building a network intrusion detection system (NIDS) by using various deep learning methods. To further improve our proposed scheme and make it effective in real-world settings, we use deep transfer learning techniques where we transfer the knowledge learned by our model in a source domain with plentiful computational and data resources to a target domain with sparse availability of both the resources. Our proposed method achieved 98.30% classification accuracy score in the source domain and an improved 98.43% classification accuracy score in the target domain with a boost in the classification speed using UNSW-15 dataset. This study demonstrates that deep transfer learning techniques make it possible to construct large deep learning models to perform network classification, which can be deployed in the real world target domains where they can maintain their classification performance and improve their classification speed despite the limited accessibility of resources.

Machine Learning

Hsiu-Min Chuang,Li-Jyun Ye

DOI: https://doi.org/10.3390/su15129395

IF: 3.9

2023-06-12

Sustainability

Abstract:In traditional network management, the configuration of routing policies and associated settings on individual routers and switches was performed manually, incurring a considerable cost. By centralizing network management, software-defined networking (SDN) technology has reduced hardware construction costs and increased flexibility. However, this centralized architecture renders information security vulnerable to network attacks, making intrusion detection in the SDN environment crucial. Machine-learning approaches have been widely used for intrusion detection recently. However, critical issues such as unknown attacks, insufficient data, and class imbalance may significantly affect the performance of typical machine learning. We addressed these problems and proposed a transfer-learning method based on the SDN environment. The following experimental results showed that our method outperforms typical machine learning methods. (1) our model achieved a F1-score of 0.71 for anomaly detection for unknown attacks; (2) for small samples, our model achieved a F1-score of 0.98 for anomaly detection and a F1-score of 0.51 for attack types identification; (3) for class imbalance, our model achieved an F1-score of 1.00 for anomaly detection and 0.91 for attack type identification. In addition, our model required 15,230 seconds (4 h 13 m 50 s) for training, ranking second among the six models when considering both performance and efficiency. In future studies, we plan to combine sampling techniques with few-shot learning to improve the performance of minority classes in class imbalance scenarios.

environmental sciences,environmental studies,green & sustainable science & technology

Tochukwu Idika,Ismail Akturk

DOI: https://doi.org/10.48550/arXiv.2112.01777

2021-12-03

Abstract:Transferability of adversarial samples became a serious concern due to their impact on the reliability of machine learning system deployments, as they find their way into many critical applications. Knowing factors that influence transferability of adversarial samples can assist experts to make informed decisions on how to build robust and reliable machine learning systems. The goal of this study is to provide insights on the mechanisms behind the transferability of adversarial samples through an attack-centric approach. This attack-centric perspective interprets how adversarial samples would transfer by assessing the impact of machine learning attacks (that generated them) on a given input dataset. To achieve this goal, we generated adversarial samples using attacker models and transferred these samples to victim models. We analyzed the behavior of adversarial samples on victim models and outlined four factors that can influence the transferability of adversarial samples. Although these factors are not necessarily exhaustive, they provide useful insights to researchers and practitioners of machine learning systems.

Machine Learning

Farhan Ullah,Shamsher Ullah,Gautam Srivastava,Jerry Chun -Wei Lin

DOI: https://doi.org/10.1016/j.dcan.2023.03.008

IF: 6.348

2024-01-01

Digital Communications and Networks

Abstract:A network intrusion detection system is critical for cyber security against illegitimate attacks. In terms of feature perspectives, network traffic may include a variety of elements such as attack reference, attack type, a sub-category of attack, host information, malicious scripts, etc. In terms of network perspectives, network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic. It is challenging to identify a specific attack due to complex features and data imbalance issues. To address these issues, this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic (IDS-INT). IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data. First, detailed information about each type of attack is gathered from network interaction descriptions, which include network nodes, attack type, reference, host information, etc. Second, the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors. Third, the Synthetic Minority Oversampling Technique (SMOTE) is implemented to balance abnormal traffic and detect minority attacks. Fourth, the Convolution Neural Network (CNN) model is designed to extract deep features from the balanced network traffic. Finally, the hybrid approach of the CNN-Long Short-Term Memory (CNN-LSTM) model is developed to detect different types of attacks from the deep features. Detailed experiments are conducted to test the proposed approach using three standard datasets, i.e., UNSW-NB15, CIC-IDS2017, and NSL-KDD. An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.

Pengyi Liao,Jun Yan,Jean Michel Sellier,Yongxuan Zhang

DOI: https://doi.org/10.1109/access.2022.3186328

IF: 3.9

2022-07-05

IEEE Access

Abstract:Machine learning is a popular approach to security monitoring and intrusion detection in cyber-physical systems (CPS) like the smart grid. However, these highly dynamic CPS operating in open environments can result in significant data distribution divergence, which may require the adaptation of a learned model. While transfer learning has been an effective approach to retain the performance against the divergence, there is still limited work on a more fundamental question that can be called transferability: when should one apply transfer learning? To address this challenge, this paper proposes a divergence-based transferability analysis to decide whether to apply transfer learning and autonomically adapt learning-based intrusion detectors. This work first identifies three metrics used to measure the divergence between data distributions, and then explores the relation between detector's accuracy drop and divergence in extensive temporal, spatial, and spatiotemporal experiments. Two regression models are trained to approximate the divergence-accuracy relation and then used to predict an accuracy drop which determines whether to apply transfer learning. Finally, a state-of-the-art domain adversarial neural network (DANN) classifier is adopted as the transfer learning model. Datasets from real normal operation profiles and simulated attacks are used to validate the effectiveness of the proposed transferability analysis against variations in attack timing, locations, and both. In all three scenarios, the proposed analysis demonstrated high accuracy in predicting accuracy drop from the divergence, with an RMSE lower than 4.20%, and the DANN can be timely triggered to achieve an accuracy improvement over 5.00%.

Lei Wu,Zhanxing Zhu,Cheng Tai,Weinan E

DOI: https://doi.org/10.48550/arxiv.1802.09707

2018-01-01

Abstract:State-of-the-art deep neural networks are known to be vulnerable to adversarial examples, formed by applying small but malicious perturbations to the original inputs. Moreover, the perturbations can \textit{transfer across models}: adversarial examples generated for a specific model will often mislead other unseen models. Consequently the adversary can leverage it to attack deployed systems without any query, which severely hinder the application of deep learning, especially in the areas where security is crucial. In this work, we systematically study how two classes of factors that might influence the transferability of adversarial examples. One is about model-specific factors, including network architecture, model capacity and test accuracy. The other is the local smoothness of loss function for constructing adversarial examples. Based on these understanding, a simple but effective strategy is proposed to enhance transferability. We call it variance-reduced attack, since it utilizes the variance-reduced gradient to generate adversarial example. The effectiveness is confirmed by a variety of experiments on both CIFAR-10 and ImageNet datasets.

Mingshu He,Xiaojuan Wang,Peng Wei,Liu Yang,Yinglei Teng,Renjian Lyu

DOI: https://doi.org/10.1109/tnsm.2024.3352586

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Anomaly detection plays an essential role in network security and traffic classification. Many studies have focused on anomaly detection to improve network security, including machine learning and deep learning methods. These methods often require numerous samples and must obtain the results by classifying the entire data set, thereby limiting their inflexibility. Although transfer and multitask learning have achieved some results in the model’s transferability, these methods must manually label or reprocess the test set. These problems limit the application of previous methods in network security management. To solve these problems, we propose a transferable and adaptable network intrusion detection system (TA-NIDS) based on deep reinforcement learning. The interaction process between the agent and the environment varies every time. A small-scale data set can be used to produce many interactive processes. Therefore, robustness is guaranteed when there are few samples. Then, a reasonable reward function allows the agent to learn how to first choose outliers without classifying the entire data set. This makes the TA-NIDS more adaptable to the scene when we prioritize apparent outliers. More importantly, the original features are transformed into the state of the environment, so no requirement exists for the feature dimension. Furthermore, the general rather than the specific state of one data set makes the model transferable to other data sets. The experimental results for IDS2017, IDS2018, NSL-KDD, UNSW-NB15 and CIC-IoT2023 show that the proposed framework maintains good accuracy when prioritizing outliers and transferability are prioritized simultaneously.

computer science, information systems

Yanpei Liu,Xinyun Chen,Chang Liu,Dawn Song

DOI: https://doi.org/10.48550/arXiv.1611.02770

IF: 5.414

2016-11-08

Machine Learning

Abstract:An intriguing property of deep neural networks is the existence of adversarial examples, which can transfer among different architectures. These transferable adversarial examples may severely hinder deep neural network-based applications. Previous works mostly study the transferability using small scale datasets. In this work, we are the first to conduct an extensive study of the transferability over large models and a large scale dataset, and we are also the first to study the transferability of targeted adversarial examples with their target labels. We study both non-targeted and targeted adversarial examples, and show that while transferable non-targeted adversarial examples are easy to find, targeted adversarial examples generated using existing approaches almost never transfer with their target labels. Therefore, we propose novel ensemble-based approaches to generating transferable adversarial examples. Using such approaches, we observe a large proportion of targeted adversarial examples that are able to transfer with their target labels for the first time. We also present some geometric studies to help understanding the transferable adversarial examples. Finally, we show that the adversarial examples generated using ensemble-based approaches can successfully attack Clarifai.com, which is a black-box image classification system.

Liping Yuan,Xiaoqing Zheng,Yi Zhou,Cho-Jui Hsieh,Kai-Wei Chang

DOI: https://doi.org/10.18653/v1/2021.emnlp-main.121

2021-01-01

Abstract:Deep neural networks are vulnerable to adversarial attacks, where a small perturbation to an input alters the model prediction. In many cases, malicious inputs intentionally crafted for one model can fool another model. In this paper, we present the first study to systematically investigate the transferability of adversarial examples for text classification models and explore how various factors, including network architecture, tokenization scheme, word embedding, and model capacity, affect the transferability of adversarial examples. Based on these studies, we propose a genetic algorithm to find an ensemble of models that can be used to induce adversarial examples to fool almost all existing models. Such adversarial examples reflect the defects of the learning process and the data bias in the training set. Finally, we derive word replacement rules that can be used for model diagnostics from these adversarial examples.

Islam Debicha,Richard Bauwens,Thibault Debatty,Jean-Michel Dricot,Tayeb Kenaza,Wim Mees

DOI: https://doi.org/10.1016/j.future.2022.08.011

2022-10-28

Abstract:Nowadays, intrusion detection systems based on deep learning deliver state-of-the-art performance. However, recent research has shown that specially crafted perturbations, called adversarial examples, are capable of significantly reducing the performance of these intrusion detection systems. The objective of this paper is to design an efficient transfer learning-based adversarial detector and then to assess the effectiveness of using multiple strategically placed adversarial detectors compared to a single adversarial detector for intrusion detection systems. In our experiments, we implement existing state-of-the-art models for intrusion detection. We then attack those models with a set of chosen evasion attacks. In an attempt to detect those adversarial attacks, we design and implement multiple transfer learning-based adversarial detectors, each receiving a subset of the information passed through the IDS. By combining their respective decisions, we illustrate that combining multiple detectors can further improve the detectability of adversarial traffic compared to a single detector in the case of a parallel IDS design.

Cryptography and Security,Artificial Intelligence

Salwa Elsayed,Khalil Mohamed,Mohamed Ashraf Madkour

DOI: https://doi.org/10.1109/access.2024.3389096

IF: 3.9

2024-05-03

IEEE Access

Abstract:This study introduces a deep learning approach for network intrusion detection (NIDS), which excels in both binary and multi-classification tasks. This approach combines the strengths of six distinct deep learning algorithms: DNN, CNN, RNN, LSTM, GRU, and a Hybrid CNN-LSTM architecture. The NSL-KDD dataset, a widely recognized benchmark for intrusion detection research, was utilized for implementation and evaluation. In binary classification, the approach demonstrates exceptional capabilities, with the GRU approach outperforming others. Similarly, the DNN, LSTM, CNN, and RNN approaches exhibit robust performance, showcasing their efficacy in detecting anomalies within network data. In the multi-classification setting, the DNN approach stands out with outstanding performance. While other approaches, including RNN, CNN, LSTM, GRU, and the Hybrid CNN-LSTM approach, also maintain commendable results, the DNN approach proves to be the most effective in handling complex network patterns. This research provides valuable insights into the application of deep learning approaches using the NSL-KDD dataset for network anomaly detection, emphasizing their versatility and reliability across different classification scenarios. The findings lay the groundwork for further exploration and utilization of deep learning methodologies in enhancing network security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jafar Majidpour,Hiwa Hasanzadeh

DOI: https://doi.org/10.48550/arXiv.2012.08318

2020-12-13

Cryptography and Security

Abstract:Application of deep learning to enhance the accuracy of intrusion detection in modern computer networks were studied in this paper. The identification of attacks in computer networks is divided in to two categories of intrusion detection and anomaly detection in terms of the information used in the learning phase. Intrusion detection uses both routine traffic and attack traffic. Abnormal detection methods attempt to model the normal behavior of the system, and any incident that violates this model is considered to be a suspicious behavior. For example, if the web server, which is usually passive, tries to There are many addresses that are likely to be infected with the worm. The abnormal diagnostic methods are Statistical models, Secure system approach, Review protocol, Check files, Create White list, Neural Networks, Genetic Algorithm, Vector Machines, decision tree. Our results have demonstrated that our approach offers high levels of accuracy, precision and recall together with reduced training time. In our future work, the first avenue of exploration for improvement will be to assess and extend the capability of our model to handle zero-day attacks.