Categorical Robustness Assessment for Machine Learning based Network Intrusion Detection Systems

In: 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), IEEE

A novel hierarchical intrusion detection system based on decision tree and rules-based models

Ahmim A, Maglaras L, Ferrag MA

Published: 2019

ICISSp

Toward generating a new intrusion detection dataset and intrusion traffic characterization

Iman Sharafaldin, Arash Habibi Lashkari, Ali A Ghorbani

Published: 2018

ArXiv

Kitsune: An ensemble of autoencoders for online network intrusion detection

Y. Mirsky, T. Doitshman, Y. Elovici, A. Shabtai

Published: 2018

Explaining and harnessing adversarial examples

I. J. Goodfellow, J. Shlens, C. Szegedy

Published: 2015

arxiv

被引用数 2

Towards Deep Learning Models Resistant to Adversarial Attacks

Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, Adrian Vladu

Published: 2017.6.20

Recent work has demonstrated that deep neural networks are vulnerable to adversarial examples---inputs that are almost indistinguishable from natural data and yet classified incorrectly by the network. In fact, some of the latest findings suggest that the existence of adversarial attacks may be an inherent weakness of deep learning models. To address this problem, we study the adversarial robustness of neural networks through the lens of robust optimization. This approach provides us with a broad and unifying view on much of the prior work on this topic. Its principled nature also enables us to identify methods for both training and attacking neural networks that are reliable and, in a certain sense, universal. In particular, they specify a concrete security guarantee that would protect against any adversary. These methods let us train networks with significantly improved resistance to a wide range of adversarial attacks. They also suggest the notion of security against a first-order adversary as a natural and broad security guarantee. We believe that robustness against such well-defined classes of adversaries is an important stepping stone towards fully resistant deep learning models. Code and pre-trained models are available at https://github.com/MadryLab/mnist_challenge and https://github.com/MadryLab/cifar10_challenge.

モデルの頑健性保証敵対的サンプルロバスト性に関する評価

arxiv

被引用数 1

IEEE Symposium on Security and Privacy

Towards Evaluating the Robustness of Neural Networks

Nicholas Carlini, David Wagner

Published: 2016.8.17

Neural networks provide state-of-the-art results for most machine learning tasks. Unfortunately, neural networks are vulnerable to adversarial examples: given an input $x$ and any target classification $t$, it is possible to find a new input $x'$ that is similar to $x$ but classified as $t$. This makes it difficult to apply neural networks in security-critical areas. Defensive distillation is a recently proposed approach that can take an arbitrary neural network, and increase its robustness, reducing the success rate of current attacks' ability to find adversarial examples from $95\%$ to $0.5\%$. In this paper, we demonstrate that defensive distillation does not significantly increase the robustness of neural networks by introducing three new attack algorithms that are successful on both distilled and undistilled neural networks with $100\%$ probability. Our attacks are tailored to three distance metrics used previously in the literature, and when compared to previous adversarial example generation algorithms, our attacks are often much more effective (and never worse). Furthermore, we propose using high-confidence adversarial examples in a simple transferability test we show can also be used to break defensive distillation. We hope our attacks will be used as a benchmark in future defense attempts to create neural networks that resist adversarial examples.

モデルの堅牢性敵対的サンプルモデルの頑健性保証

IEEE Transactions on Mobile Computing

Classifying iot devices in smart environments using network traffic characteristics

Arunan Sivanathan, Hassan Habibi Gharakheili, Franco Loi, Adam Radford, Chamith Wijenayake, Arun Vishwanath, Vijay Sivaraman

Published: 2019

26th USENIX Security Symposium

Understanding the Mirai botnet

Manos Antonakakis, Tim April, Michael Bailey

Published: 2017

Computer Networks

The Internet of Things: A survey

L. Atzori, A. Iera, G. Morabito

Published: 2010

Inf. Sci. (Ny)

Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues

I. Corona, G. Giacinto, F. Roli

Published: 2013

Innovations in Intelligent Systems and Applications (INISTA)

Intrusion detection systems vulnerability on adversarial examples

A. Warzynski, G. Kolaczek

Published: 2018

Digital Threats: Research and Practice (DTRAP)

Modeling realistic adversarial attacks against network intrusion detection systems

G. Apruzzese, M. Andreolini, L. Ferretti, M. Marchetti, M. Colajanni

Published: 2022

Digital Threats: Research and Practice

Intriguing properties of adversarial ml attacks in the problem space [extended version]

J. Cortellazzi, E. Quiring, D. Arp, F. Pendlebury, F. Pierazzi, L. Cavallaro

Published: 2025

Proceedings Of The 3rd ACM CoNEXT Workshop On Big Data, Machine Learning And Artificial Intelligence For Data Communication Networks

Towards evaluation of nidss in adversarial setting

Hashemi, M., Cusack, G., Keller, E.

Published: 2019

nature

Deep learning

Yann LeCun, Yoshua Bengio, Geoffrey Hinton

Published: 2015

Neural computation

Long short-term memory

S. Hochreiter, J. Schmidhuber

Published: 1997

Machine learning

Random forests

Breiman L

Published: 2001

Canadian Institute for Cybersecurity, University of New Brunswick

ACI-IoT-2023: A comprehensive IoT network traffic dataset

E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, A. A. Ghorbani

Published: 2023

arxiv

被引用数 2

Computing Research Repository (CoRR)

Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples

Nicolas Papernot, Patrick McDaniel, Ian Goodfellow

Published: 2016.5.24

Many machine learning models are vulnerable to adversarial examples: inputs that are specially crafted to cause a machine learning model to produce an incorrect output. Adversarial examples that affect one model often affect another model, even if the two models have different architectures or were trained on different training sets, so long as both models were trained to perform the same task. An attacker may therefore train their own substitute model, craft adversarial examples against the substitute, and transfer them to a victim model, with very little information about the victim. Recent work has further developed a technique that uses the victim model as an oracle to label a synthetic training set for the substitute, so the attacker need not even collect a training set to mount the attack. We extend these recent techniques using reservoir sampling to greatly enhance the efficiency of the training procedure for the substitute model. We introduce new transferability attacks between previously unexplored (substitute, victim) pairs of machine learning model classes, most notably SVMs and decision trees. We demonstrate our attacks on two commercial machine learning classification systems from Amazon (96.19% misclassification rate) and Google (88.94%) using only 800 queries of the victim model, thereby showing that existing machine learning approaches are in general vulnerable to systematic black-box attacks regardless of their structure.

敵対的攻撃分析敵対的サンプルモデルの頑健性保証

arxiv

被引用数 1

International Conference on Learning Representations (ICLR)

Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach

Tsui-Wei Weng, Huan Zhang, Pin-Yu Chen, Jinfeng Yi, Dong Su, Yupeng Gao, Cho-Jui Hsieh, Luca Daniel

Published: 2018.2.1

The robustness of neural networks to adversarial examples has received great attention due to security implications. Despite various attack approaches to crafting visually imperceptible adversarial examples, little has been developed towards a comprehensive measure of robustness. In this paper, we provide a theoretical justification for converting robustness analysis into a local Lipschitz constant estimation problem, and propose to use the Extreme Value Theory for efficient evaluation. Our analysis yields a novel robustness metric called CLEVER, which is short for Cross Lipschitz Extreme Value for nEtwork Robustness. The proposed CLEVER score is attack-agnostic and computationally feasible for large neural networks. Experimental results on various networks, including ResNet, Inception-v3 and MobileNet, show that (i) CLEVER is aligned with the robustness indication measured by the $\ell_2$ and $\ell_\infty$ norms of adversarial examples from powerful attacks, and (ii) defended networks using defensive distillation or bounded ReLU indeed achieve better CLEVER scores. To the best of our knowledge, CLEVER is the first attack-independent robustness metric that can be applied to any neural network classifier.

ロバスト性評価モデルの頑健性保証敵対的攻撃

ICLR

Intriguing properties of neural networks

C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, R. Fergus

Published: 2014

MIT Press

Dataset Shift in Machine Learning

J. Quiñonero-Candela, M. Sugiyama, A. Schwaighofer, N. D. Lawrence

Published: 2008

International Conference on Machine Learning. PMLR

Batch normalization: Accelerating deep network training by reducing internal covariate shift

S. Ioffe, C. Szegedy

Published: 2015

Expert Systems with Applications

Adversarial machine learning in network intrusion detection systems

E. Alhajjar, P. Maxwell, N. Bastian

Published: 2021