Abstract:There has been a significant development in the design of intrusion detection systems (IDS) by using deep learning (DL)/machine learning (ML) methods for detecting threats in a computer network. Unfortunately, these DL/ML-based IDS are vulnerable to adversarial examples, wherein a malicious data sample can be slightly perturbed to cause a misclassification by an IDS while retaining its malicious properties. Unlike image recognition domain, the network domain has certain constraints known as domain constraints which are multifarious interrelationships and dependencies between features. To be considered as practical and realizable, an adversary must ensure that the adversarial examples comply with domain constraints. Recently, generative models like GANs and VAEs have been extensively used for generating adversarial examples against IDS. However, majority of these techniques generate adversarial examples which do not satisfy all domain constraints. Also, current generative methods lack explicit restrictions on the amount of perturbation which a malicious data sample undergoes during the crafting of adversarial examples, leading to the potential generation of invalid data samples. To address these limitations, a solution is presented in this work which utilize a variational autoencoder to generate adversarial examples that not only result in misclassification by an IDS, but also satisfy domain constraints. Instead of perturbing the data samples itself, the adversarial examples are crafted by perturbing the latent space representation of the data sample. It allows the generation of adversarial examples under limited perturbation. This research has explored the novel applications of generative networks for generating constraint satisfying adversarial examples. The experimental results support the claims with an attack success rate of 64.8 against ML/DL-based IDS. The trained model can be integrated further into an operational IDS to strengthen its robustness against adversarial examples; however, this is out of scope of this work.

Generating practical adversarial examples against learning-based network intrusion detection systems

Black-Box Adversarial Attacks Against Deep Learning Based Malware Binaries Detection with GAN

Generative adversarial attacks against intrusion detection systems using active learning

Adversarial machine learning in Network Intrusion Detection Systems

Generating Adversarial Examples Against Machine Learning-Based Intrusion Detector in Industrial Control Systems

Development of a Machine-Learning Intrusion Detection System and Testing of Its Performance Using a Generative Adversarial Network

Generating Adversarial Examples with Adversarial Networks

Enhancing Network Intrusion Detection Performance using Generative Adversarial Networks

Query-Free Evasion Attacks Against Machine Learning-Based Malware Detectors with Generative Adversarial Networks

An Adversarial Learning Model for Intrusion Detection in Real Complex Network Environments.

Adversarial Examples in Constrained Domains

A Direct Approach to Robust Deep Learning Using Adversarial Networks

Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN.

Adversarial Attacks Against Network Intrusion Detection in IoT Systems

Evaluation of GAN-Based Model for Adversarial Training

A General Framework for Adversarial Examples with Objectives

A novel and universal GAN-based countermeasure to recover adversarial examples to benign examples

Transformer or Autoencoder? Who is the ultimate adversary for attack detectors?

Any Target Can be Offense: Adversarial Example Generation via Generalized Latent Infection

SynGAN: Towards Generating Synthetic Network Attacks using GANs

Anomaly-Based Intrusion on IoT Networks Using AIGAN-a Generative Adversarial Network