{"title":"研究针对sdn网络入侵检测系统的对抗性攻击","authors":"James Aiken, Sandra Scott-Hayward","doi":"10.1109/NFV-SDN47374.2019.9040101","DOIUrl":null,"url":null,"abstract":"Machine-learning based network intrusion detection systems (ML-NIDS) are increasingly popular in the fight against network attacks. In particular, promising detection results have been demonstrated in conjunction with Software-Defined Networks (SDN), in which the logically centralized control plane provides access to data from across the network. However, research into adversarial attacks against machine learning classifiers has highlighted vulnerabilities in a number of fields. These vulnerabilities raise concerns about the implementation of similar classifiers in anomaly-based NIDSs within SDNs. In this work, we investigate the viability of adversarial attacks against classifiers in this field. We implement an anomaly-based NIDS, Neptune, as a target platform that utilises a number of different machine learning classifiers and traffic flow features. We develop an adversarial test tool, Hydra, to evaluate the impact of adversarial evasion classifier attacks against Neptune with the goal of lowering the detection rate of malicious network traffic. The results demonstrate that with the perturbation of a few features, the detection accuracy of a specific SYN flood Distributed Denial of Service (DDoS) attack by Neptune decreases from 100% to 0% across a number of classifiers. Based on these results, recommendations are made as to how to increase the robustness of classifiers against the demonstrated attacks.","PeriodicalId":394933,"journal":{"name":"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"110 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"39","resultStr":"{\"title\":\"Investigating Adversarial Attacks against Network Intrusion Detection Systems in SDNs\",\"authors\":\"James Aiken, Sandra Scott-Hayward\",\"doi\":\"10.1109/NFV-SDN47374.2019.9040101\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Machine-learning based network intrusion detection systems (ML-NIDS) are increasingly popular in the fight against network attacks. In particular, promising detection results have been demonstrated in conjunction with Software-Defined Networks (SDN), in which the logically centralized control plane provides access to data from across the network. However, research into adversarial attacks against machine learning classifiers has highlighted vulnerabilities in a number of fields. These vulnerabilities raise concerns about the implementation of similar classifiers in anomaly-based NIDSs within SDNs. In this work, we investigate the viability of adversarial attacks against classifiers in this field. We implement an anomaly-based NIDS, Neptune, as a target platform that utilises a number of different machine learning classifiers and traffic flow features. We develop an adversarial test tool, Hydra, to evaluate the impact of adversarial evasion classifier attacks against Neptune with the goal of lowering the detection rate of malicious network traffic. The results demonstrate that with the perturbation of a few features, the detection accuracy of a specific SYN flood Distributed Denial of Service (DDoS) attack by Neptune decreases from 100% to 0% across a number of classifiers. Based on these results, recommendations are made as to how to increase the robustness of classifiers against the demonstrated attacks.\",\"PeriodicalId\":394933,\"journal\":{\"name\":\"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)\",\"volume\":\"110 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"39\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NFV-SDN47374.2019.9040101\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NFV-SDN47374.2019.9040101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Investigating Adversarial Attacks against Network Intrusion Detection Systems in SDNs
Machine-learning based network intrusion detection systems (ML-NIDS) are increasingly popular in the fight against network attacks. In particular, promising detection results have been demonstrated in conjunction with Software-Defined Networks (SDN), in which the logically centralized control plane provides access to data from across the network. However, research into adversarial attacks against machine learning classifiers has highlighted vulnerabilities in a number of fields. These vulnerabilities raise concerns about the implementation of similar classifiers in anomaly-based NIDSs within SDNs. In this work, we investigate the viability of adversarial attacks against classifiers in this field. We implement an anomaly-based NIDS, Neptune, as a target platform that utilises a number of different machine learning classifiers and traffic flow features. We develop an adversarial test tool, Hydra, to evaluate the impact of adversarial evasion classifier attacks against Neptune with the goal of lowering the detection rate of malicious network traffic. The results demonstrate that with the perturbation of a few features, the detection accuracy of a specific SYN flood Distributed Denial of Service (DDoS) attack by Neptune decreases from 100% to 0% across a number of classifiers. Based on these results, recommendations are made as to how to increase the robustness of classifiers against the demonstrated attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
