Investigating on the Robustness of Flow-based Intrusion Detection System against Adversarial Samples using Generative Adversarial Networks  

16:31 07/03/2023

Recently, Software Defined Networking (SDN) has emerged as the key technology in programming and orchestrating security policy in the security operations centers (SOCs) for heterogeneous networks. Typically, machine learning-based intrusion detection systems (ML-IDS) have been deployed and associated with SDN to leverage the features of a programmable network to defend against sophisticated cyberattacks in anomaly detection. Unfortunately, such ML-based IDSs are easily vulnerable to adversarial attacks due to the lack of diverse forms of malicious records in the training dataset. The missing data sample in the training phase can lead to a lower detection rate in real-world scenarios with adversarial settings. In this paper, we explore the ability of Wasserstein Generative Adversarial Networks with Gradient Penalty (WGAN-GP), WGAN-GP with two timescale update rule (WGAN-GP TTUR), and AdvGAN in generating perturbed attack samples to bypass attack detectors. Then, this approach is used to continuously evaluate the robustness of ML-based IDSs and then upgrade them as a service in SDN. The experimental results on CICIDS2018 and InSDN datasets demonstrate that generated adversarial samples can be used to fool targeted IDS. Later, those created samples can supplement the original ones in retraining IDS to improve the resilience of the attack detector.

The diverse landscape of network models, including Software-Defined Networking (SDN), Cloud Computing (C2), and Internet of Things (IoT), is evolving to meet the demands of flexibility and performance. However, these environments face numerous security challenges due to cyber-attack complexity. Traditional defense mechanisms are no longer effective against modern attacks. Therefore,...
As data driven-based Windows malware detectors become increasingly prevalent, the need for robust evaluation and enhancement of adversarial malware generation techniques also becomes imperative, as malicious actors will adapt and enhance their malware to evade detection. There are numerous works that introduce new techniques or enhancements for adversarial malware. One...