T. Fladby, H. Haugerud, S. Nichele, Kyrre M. Begnum, A. Yazidi
{"title":"Evading a Machine Learning-based Intrusion Detection System through Adversarial Perturbations","authors":"T. Fladby, H. Haugerud, S. Nichele, Kyrre M. Begnum, A. Yazidi","doi":"10.1145/3400286.3418252","DOIUrl":null,"url":null,"abstract":"Machine-learning based Intrusion Detection and Prevention Systems provide significant value to organizations because they can efficiently detect previously unseen variations of known threats, new threats related to known malware or even zero-day malware, unrelated to any other known threats. However, while such systems prove invaluable to security personnel, researchers have observed that data subject to inspection by behavioral analysis can be perturbed in order to evade detection. We investigated the use of adversarial techniques for adapting the communication patterns between botnet malware and control unit in order to evaluate the robustness of an existing Network Behavioral Analysis solution. We implemented a packet parser that let us extract and edit certain properties of network flows and automated an approach for conducting a grey-box testing scheme of Stratosphere Linux IPS. As part of our implementation, we provided several techniques for providing perturbation to network flow parameters, including a Simultaneous Perturbation Stochastic Approximation method, which was able to produce sufficiently perturbed network flow patterns while adhering to an underlying objective function. Our results showed that network flow parameters could indeed be perturbed to ultimately enable evasion of intrusion detection based on the detection models that were used with the Intrusion Detection System. Additionally, we demonstrated that it was possible to combine evading detection with techniques for optimization problems that aimed to minimize the magnitude of perturbation to network flows, effectively enabling adaptive network flow behavior.","PeriodicalId":326100,"journal":{"name":"Proceedings of the International Conference on Research in Adaptive and Convergent Systems","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the International Conference on Research in Adaptive and Convergent Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3400286.3418252","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Machine-learning based Intrusion Detection and Prevention Systems provide significant value to organizations because they can efficiently detect previously unseen variations of known threats, new threats related to known malware or even zero-day malware, unrelated to any other known threats. However, while such systems prove invaluable to security personnel, researchers have observed that data subject to inspection by behavioral analysis can be perturbed in order to evade detection. We investigated the use of adversarial techniques for adapting the communication patterns between botnet malware and control unit in order to evaluate the robustness of an existing Network Behavioral Analysis solution. We implemented a packet parser that let us extract and edit certain properties of network flows and automated an approach for conducting a grey-box testing scheme of Stratosphere Linux IPS. As part of our implementation, we provided several techniques for providing perturbation to network flow parameters, including a Simultaneous Perturbation Stochastic Approximation method, which was able to produce sufficiently perturbed network flow patterns while adhering to an underlying objective function. Our results showed that network flow parameters could indeed be perturbed to ultimately enable evasion of intrusion detection based on the detection models that were used with the Intrusion Detection System. Additionally, we demonstrated that it was possible to combine evading detection with techniques for optimization problems that aimed to minimize the magnitude of perturbation to network flows, effectively enabling adaptive network flow behavior.
基于机器学习的入侵检测和防御系统为组织提供了重要的价值,因为它们可以有效地检测到以前未见过的已知威胁的变化,与已知恶意软件相关的新威胁,甚至与任何其他已知威胁无关的零日恶意软件。然而,虽然这些系统对安全人员来说是无价的,但研究人员观察到,受行为分析检查的数据可能会受到干扰,以逃避检测。我们研究了使用对抗技术来适应僵尸网络恶意软件和控制单元之间的通信模式,以评估现有网络行为分析解决方案的鲁棒性。我们实现了一个数据包解析器,它允许我们提取和编辑网络流的某些属性,并自动执行一种方法来执行Stratosphere Linux IPS的灰盒测试方案。作为我们实现的一部分,我们提供了几种技术来提供对网络流量参数的扰动,包括同步扰动随机逼近方法,该方法能够在坚持潜在目标函数的同时产生充分扰动的网络流量模式。我们的研究结果表明,基于入侵检测系统所使用的检测模型,网络流参数确实可以被扰动,从而最终能够逃避入侵检测。此外,我们证明了可以将规避检测与优化问题的技术相结合,旨在最大限度地减少对网络流的扰动,有效地实现自适应网络流行为。