Automatic Evasion of Machine Learning-Based Network Intrusion Detection Systems

Bibliographic Details
Published in: IEEE transactions on dependable and secure computing Vol. 21; no. 1; pp. 153 - 167
Main Authors: Yan, Haonan; Li, Xiaoguang; Zhang, Wenjing; Wang, Rui; Li, Hui; Zhao, Xingwen; Li, Fenghua; Lin, Xiaodong
Format: Journal Article
Language: English
Published: Washington IEEE 01.01.2024
IEEE Computer Society
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2023.3247585

Summary: Network intrusion detection systems (IDS) are often considered effective to thwart cyber attacks. Currently, state-of-the-art (SOTA) IDSs are mainly based on machine learning (ML) including deep learning (DL) models, which suffer from their own security issues, especially evasion attacks by using adversarial examples. However, previous studies mostly focus on extracted features rather than the traffic sample itself, and/or assume that the adversary knows the information of the target model more or less, which severely restricts attack feasibility in practice. In this paper, we re-investigate this problem in a more realistic label-only black-box scenario and propose a practical evasion attack strategy to solve the above limitations. In this newly considered case that the adversary morphs the traffic sample and only obtains the results accepted or rejected without other knowledge, we successfully leverage the model extraction and transfer attack to evade the detection. The entire attack strategy is automated and a comprehensive evaluation is performed. Final results show that the proposed strategy effectively evades seven typical ML-based IDSs and one SOTA DL-based IDS with an average success rate of over 75%. We also discuss the corresponding countermeasures against our attack, which finally highlight the need for effective defenses against our attack.