Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
A Privacy Calculus Model for Contact Tracing Apps: Analyzing the German Corona-Warn-App Read chapter Read first chapter

2022 | OriginalPaper | Chapter

RAAM: A Restricted Adversarial Attack Model with Adding Perturbations to Traffic Features

Authors : Peishuai Sun, Shuhao Li, Jiang Xie, Hongbo Xu, Zhenyu Cheng, Rui Qin

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

In recent years, intrusion detection system (IDS) based on machine learning (ML) algorithms has developed rapidly. However, ML algorithms are easily attacked by adversarial examples, and many attackers add perturbations to features of malicious traffic to escape ML-based IDSs. Unfortunately, most attack methods add perturbations without sufficient restrictions, generating unpractical adversarial examples. In this paper, we propose RAAM, a restricted adversarial attack model with adding perturbations to traffic features, which escapes ML-based IDSs. RAAM employs the improved loss to enhance the adversarial effect uses regularizer and masking vectors to restrict perturbations. Compared with previous work, RAAM can generate adversarial examples with superior characteristics: regularization, maliciousness and small perturbation. We conduct experiments on the well-known NSL-KDD dataset, and test on nine different ML-based IDSs. Experimental results show that the mean evasion increase rate (EIR) of RAAM is 94.1% in multiple attacks, which is 9.2% higher than the best of related methods, DIGFuPAS. Especially, adversarial examples generated by RAAM have lower perturbations, and the mean distance of perturbations (\(L_{2}\)) is 1.79, which is 0.81 lower than DIGFuPAS. In addition, we retrain IDSs with adversarial examples to improve their robustness. Experimental results show that retrained IDSs not only maintain the ability of detection for original examples, but also are hard to be attacked again.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter A Study on the Use of 3rd Party DNS Resolvers for Malware Filtering or Censorship Circumvention
next chapter Evaluation of Circuit Lifetimes in Tor
Literature
1.
2.
Aiken, J., Scott-Hayward, S.: Investigating adversarial attacks against network intrusion detection systems in SDNs. In: IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 1–7 (2019)
3.
4.
Lin, Z., Shi, Y., Xue, Z.: IDSGAN: generative adversarial networks for attack generation against intrusion detection. arXiv preprint arXiv:​1809.​02077 (2018)
5.
Usama, M., Asim, M., Latif, S., et al.: Generative adversarial networks for launching and thwarting adversarial attacks on network intrusion detection systems. In: 2019 15th international Wireless Communications & Mobile Computing Conference (IWCMC), pp. 78–83 (2019)
6.
Duy, P.T., Khoa, N.H., Nguyen, A.G.T., et al.: DIGFuPAS: deceive IDS with GAN and function-preserving on adversarial examples in SDN-enabled networks. Comput. Secur. 109, 102367 (2021)CrossRef
7.
Han, D., Wang, Z., Zhong, Y., et al.: Evaluating and improving adversarial robustness of machine learning-based network intrusion detectors. IEEE J. Sel. Areas Commun. 39, 2632–2647 (2021)CrossRef
8.
Hashemi, M.J., Cusack, G., Keller, E.: Towards evaluation of NIDSs in adversarial setting. In: Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Networks, pp. 14–21 (2019)
9.
Xie, J., Li, S., Yun, X., et al.: HSTF-model: an HTTP-based Trojan detection model via the hierarchical spatio-temporal features of traffics. Comput. Secur. 96, 101923 (2020)CrossRef
10.
van Ede, T., Bortolameotti, R., Continella, A., et al.: FlowPrint: semi-supervised mobile-app fingerprinting on encrypted network traffic. In: Network and Distributed System Security Symposium (NDSS), vol. 27 (2020)
11.
Han, D., Wang, Z., Chen, W., et al.: DeepAID: interpreting and improving deep learning-based anomaly detection in security applications. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 3197–3217 (2021)
12.
Xie, G., Li, Q., Jiang, Y.: Self-attentive deep learning method for online traffic classification and its interpretability. Comput. Netw. 196, 108267 (2021)CrossRef
13.
14.
15.
Papernot, N., McDaniel, P., Jha, S., et al.: The limitations of deep learning in adversarial settings. In: IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372–387 (2016)
16.
Liu, C., Ding, W., Hu, Y., et al.: Rectified binary convolutional networks with generative adversarial learning. Int. J. Comput. Vis. 129(4), 998–1012 (2021)MathSciNetCrossRef
17.
Demetrio, L., Biggio, B., Lagorio, G., et al.: Functionality-preserving black-box optimization of adversarial windows malware. In: IEEE Transactions on Information Forensics and Security, pp. 3469–3478 (2021)
18.
Rahman, M.S., Imani, M., Mathews, N., et al.: Mockingbird: defending against deep-learning-based website fingerprinting attacks with adversarial traces. IEEE Trans. Inf. Forensics Secur. 16, 1594–1609 (2020)CrossRef
19.
20.
Goodfellow, I., Pouget-Abadie, J., Mirza, M., et al.: Generative adversarial nets. Adv. Neural Inf. Process. Syst. 27 (2014)
21.
Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.: A detailed analysis of the KDD CUP 99 data set. In: Submitted to Second IEEE Symposium on Computational Intelligence for Security and Defense Applications (2009)
22.
Davis, J.J., Clark, A.J., et al.: Data preprocessing for anomaly based network intrusion detection: a review. Comput. Secur. 30, 353–375 (2011)CrossRef
23.
Hinton, G., Vinyals, O., Dean, J.: Distilling the Knowledge in a neural network. Stat 1050–1058 (2015)
24.
Metadata
Title
RAAM: A Restricted Adversarial Attack Model with Adding Perturbations to Traffic Features
Authors
Peishuai Sun
Shuhao Li
Jiang Xie
Hongbo Xu
Zhenyu Cheng
Rui Qin
Copyright Year
2022
Book
ICT Systems Security and Privacy Protection

Print ISBN: 978-3-031-06974-1

Electronic ISBN: 978-3-031-06975-8

Copyright Year: 2022

DOI
https://doi.org/10.1007/978-3-031-06975-8_8

Premium Partner

    Image Credits