Poisoning the Well: Adversarial Poisoning on ML-Based Software-Defined Network Intrusion Detection Systems
Authors: Tapadhir Das; Raj Mani Shukla; Shamik Sengupta
Journal: IEEE Transactions on Network Science and Engineering, vol. 12, no. 1, pp. 252-262 (Journal Article)
Publication date: 2024-11-05
DOI: 10.1109/TNSE.2024.3492032
URL: https://ieeexplore.ieee.org/document/10742913/
With the usage of Machine Learning (ML) algorithms in modern-day Network Intrusion Detection Systems (NIDS), contemporary network communications are efficiently protected from cyber threats. However, these ML algorithms are starting to be compromised by adversarial attacks that ambush the ML pipeline. This paper demonstrates the feasibility of an adversarial attack called the Cosine Similarity Label Manipulation (CSLM) which is geared toward compromising training labels for ML-based NIDS. The paper develops two versions of CSLM attacks: Minimum CSLM (Min-CSLM) and Maximum CSLM (Max-CSLM). We demonstrate the attacks' efficacy towards single and multi-controller Software-defined Network (SDN) setups. Results indicate that the proposed attacks provide substantial deterioration of classifier performance in single SDNs, specifically, those that utilize Random Forests (RF), which deteriorate $\approx$50% under Min-CSLM attacks, and Support Vector Machines (SVM), which undergo $\approx$60% deterioration from a Max-CSLM attack. We also note that RF, SVM, and Multi-layer Perceptron (MLP) classifiers are also extensively vulnerable to these attacks in Multi-controller SDN setups (MSDN) as they incur the most observed utility deterioration. MLP-based uniform MSDNs incur the most deterioration under both proposed CSLM attacks with $\approx$28% decrease in performance, while SVM and RF-based variable MSDNs incur the most deterioration under both CSLM attacks with $\approx$30% and $\approx$35% decrease in performance, respectively.
About the journal:
The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.