dc.contributor.author | Fladby, Torgeir | |
dc.contributor.author | Haugerud, Hårek | |
dc.contributor.author | Nichele, Stefano | |
dc.contributor.author | Begnum, Kyrre | |
dc.contributor.author | Yazidi, Anis | |
dc.date.accessioned | 2021-02-01T17:53:34Z | |
dc.date.accessioned | 2021-03-11T09:50:28Z | |
dc.date.available | 2021-02-01T17:53:34Z | |
dc.date.available | 2021-03-11T09:50:28Z | |
dc.date.issued | 2020-10 | |
dc.identifier.citation | Fladby, Haugerud H, Nichele S, Begnum KM, Yazidi A: Evading a Machine Learning-based Intrusion Detection System through Adversarial Perturbations. In: NN N. RACS '20: Proceedings of the International Conference on Research in Adaptive and Convergent Systems, 2020. Association for Computing Machinery (ACM) p. 161-166 | en |
dc.identifier.isbn | 978-1-4503-8025-6 | |
dc.identifier.uri | https://hdl.handle.net/10642/9996 | |
dc.description.abstract | Machine-learning based Intrusion Detection and Prevention Systems provide significant value to organizations because they can efficiently detect previously unseen variations of known threats, new threats related to known malware or even zero-day malware, unrelated to any other known threats. However, while such systems prove invaluable to security personnel, researchers have observed that data subject to inspection by behavioral analysis can be perturbed in order to evade detection.
We investigated the use of adversarial techniques for adapting the communication patterns between botnet malware and control unit in order to evaluate the robustness of an existing Network Behavioral Analysis solution. We implemented a packet parser that let us extract and edit certain properties of network flows and automated an approach for conducting a grey-box testing scheme of Stratosphere Linux IPS. As part of our implementation, we provided several techniques for providing perturbation to network flow parameters, including a Simultaneous Perturbation Stochastic Approximation method, which was able to produce sufficiently perturbed network flow patterns while adhering to an underlying objective function.
Our results showed that network flow parameters could indeed be perturbed to ultimately enable evasion of intrusion detection based on the detection models that were used with the Intrusion Detection System. Additionally, we demonstrated that it was possible to combine evading detection with techniques for optimization problems that aimed to minimize the magnitude of perturbation to network flows, effectively enabling adaptive network flow behavior. | en |
dc.language.iso | en | en |
dc.publisher | Association for Computing Machinery | en |
dc.relation.ispartof | RACS '20: International Conference on Research in Adaptive and Convergent Systems | |
dc.relation.ispartofseries | RACS: Research in Applied Computation Symposium; RACS '20: International Conference on Research in Adaptive and Convergent Systems | |
dc.subject | Machine learning | en |
dc.subject | Intrusion detection | en |
dc.subject | Adversarial techniques | en |
dc.title | Evading a Machine Learning-based Intrusion Detection System through Adversarial Perturbations | en |
dc.type | Chapter | en |
dc.type | Peer reviewed | en |
dc.type | Conference proceeding | |
dc.date.updated | 2021-02-01T17:53:34Z | |
dc.description.version | acceptedVersion | en |
dc.identifier.doi | https://doi.org/10.1145/3400286.3418252 | |
dc.identifier.cristin | 1885474 | |
dc.source.isbn | 978-1-4503-8025-6 | |