Strengthening IDS against Evasion Attacks with GAN-based Adversarial Samples in SDN-enabled network

Cao Phan Xuan Qui, Dang Hong Quang, Phan The Duy, Do Thi Thu Hien, V. Pham
Published in: 2021 RIVF International Conference on Computing and Communication Technologies (RIVF), pp. 1-6
Publication date: 2021-08-19
DOI: 10.1109/RIVF51545.2021.9642111 (https://doi.org/10.1109/RIVF51545.2021.9642111)
Citations: 3

Abstract

With the growing number of smart devices in the Smart City context, Software Defined Networking (SDN) is considered a vital principle for managing a large-scale heterogeneous network through a centralized controller. To deal with cyberattacks against such networks, an intrusion detection system (IDS) is built to recognize attacks and alert the system administrator for further appropriate response. Currently, machine learning-based IDS (ML-IDS) has been explored and is still being developed. However, these systems produce a high rate of false alerts and are easily deceived by sophisticated attacks such as attack variants containing perturbations. Therefore, it is necessary to continuously evaluate and improve these systems by simulating mutations of real-world network attacks. Relying on Generative Discriminative Networks (GANs), we introduce DIGFuPAS, a framework that generates cyberattack data flows capable of bypassing ML-IDS. It can generate malicious data streams that mutate from real attack traffic, making them undetectable to the IDS. The generated traffic flows are used to retrain the ML-IDS, improving its robustness in detecting sophisticated attacks. The experiments are performed and evaluated using two criteria, Detection Rate (DR) and F1 Score (F1), on the public CICIDS2017 dataset. DIGFuPAS can be used for continuous pentesting and evaluation of an IDS's capability once integrated as an automated sustainability test pipeline for SDN-enabled networks.