Analysis of neural network detectors for network attacks

IF 0.9 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Computer Security Pub Date : 2023-11-15 DOI:10.3233/jcs-230031

Qingtian Zou, Lan Zhang, A. Singhal, Xiaoyan Sun, Peng Liu

引用次数: 0

Abstract

While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection system. However, new studies have shown that neural network is likely a game-changer in the arms race: neural network could be applied to achieve accurate, signature-free, and low-false-alarm-rate detection. In this work, we investigate whether the adversary could fight back during the next phase of the arms race. In particular, noticing that none of the existing adversarial example generation methods could generate malicious packets (and sessions) that can simultaneously compromise the target machine and evade the neural network detection model, we propose a novel attack method to achieve this goal. We have designed and implemented the new attack. We have also used Address Resolution Protocol (ARP) Poisoning and Domain Name System (DNS) Cache Poisoning as the case study to demonstrate the effectiveness of the proposed attack.

查看原文本刊更多论文

网络攻击神经网络探测器分析

虽然网络攻击在许多高级持续威胁（APT）活动中扮演着重要角色，但网络防御者与对手之间存在着军备竞赛：为了使 APT 活动隐蔽，对手有强烈的动机逃避检测系统。然而，新的研究表明，神经网络很可能改变这场军备竞赛的格局：神经网络可用于实现精确、无签名和低误报率的检测。在这项工作中，我们研究了对手能否在军备竞赛的下一阶段进行反击。特别是，我们注意到现有的对抗范例生成方法都无法生成既能入侵目标机器又能躲避神经网络检测模型的恶意数据包（和会话），因此我们提出了一种新的攻击方法来实现这一目标。我们设计并实现了新的攻击方法。我们还使用地址解析协议（ARP）中毒和域名系统（DNS）缓存中毒作为案例研究，以证明所提攻击的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Computer Security COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

1.70

自引率

0.00%

发文量

期刊介绍： The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems and networks. It will also provide a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community. The Journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications.