Strengthening IDS against Evasion Attacks with GAN-based Adversarial Samples in SDN-enabled network

With the spread of the number of smart devices in the context of Smart City, Software Defined Networking (SDN) is considered as a vital principle to manage a large-scale heterogeneous network within centralized controller. To deal with cyberattacks against such networks, intrusion detection system (...

Full description

Saved in:
Bibliographic Details
Published in2021 RIVF International Conference on Computing and Communication Technologies (RIVF) pp. 1 - 6
Main Authors Xuan Qui, Cao Phan, Hong Quang, Dang, Duy, Phan The, Thi Thu Hien, Do, Pham, Van-Hau
Format Conference Proceeding
LanguageEnglish
Published IEEE 19.08.2021
Subjects
Adversarial Attacks
Computer crime
Generative Adversarial Networks
IDS
Machine Learning IDS
Perturbation methods
Robustness
Smart cities
Software defined networking
Telecommunication traffic
Traffic control
Online AccessGet full text

Cover

More Information
Summary:With the spread of the number of smart devices in the context of Smart City, Software Defined Networking (SDN) is considered as a vital principle to manage a large-scale heterogeneous network within centralized controller. To deal with cyberattacks against such networks, intrusion detection system (IDS) is built to recognize and alert to the system administrator for further appropriate response. Currently, machine learning-based IDS (ML-IDS) has been explored and is still being developed. However, these systems give a high rate of false alert and are easily deceived by sophisticated attacks such as variants of attacks containing perturbation. Therefore, it is necessary to continuously evaluate and improve these systems by simulating mutation of real-world network attack. Relied on the Generative Discriminative Networks (GANs), we introduce DIGFuPAS, a framework that generates data flow of cyberattacks capable of bypassing ML-IDS. It can generate malicious data streams that mutate from real attack traffic making the IDS undetectable. The generated traffic flow is used to retrain ML-IDS, for improving the robustness of IDS in detecting sophisticated attacks. The experiments are performed and evaluated through 2 criteria: Detection rate (DR) and F1 Score (F1) on the public dataset, named CICIDS2017. DIGFuPAS can be used for continuously pentesting and evaluating IDS's capability once integrated as an automated sustainability test pipeline for SDN-enabled networks.
DOI:10.1109/RIVF51545.2021.9642111