Print Email Facebook Twitter Adversarial Traffic Modifications for the Network Intrusion Detection Domain Title Adversarial Traffic Modifications for the Network Intrusion Detection Domain: A Practical Adversarial Network Traffic Crafting Approach Author Simidžioski, Maria (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Cyber Security) Contributor Verwer, S.E. (mentor) Jonker, C.M. (graduation committee) Vos, D.A. (graduation committee) Degree granting institution Delft University of Technology Programme Computer Science | Cyber Security Date 2021-07-09 Abstract Adversarial attacks pose a risk to machine learning (ML)-based network intrusion detection systems (NIDS). In this manner, it is of great significance to explore to what degree these methods can be viably utilized by potential adversaries. The majority of adversarial techniques are designed for unconstrained domains such as the image recognition domain, where these methods apply alterations to the pixels in a picture. Therefore, the applicability of these techniques to the NIDS domain is very limited. Related work on adversarial techniques for NIDS generally considers feature-space techniques, which cannot be applied in a practical situation since only the extracted network traffic features are modified and not the actual network traffic. To solve these limitations, a traffic-space approach for creating adversarial examples for evading ML-based NIDS is proposed and assessed with several classification models. The proposed constrained adversarial crafting method is based on the Iterative Fast Gradient Sign Method (IFGSM) and is called the Constrained Iterative Fast Gradient Sign Method (CIFGSM). A constraint set is added as a penalty term to the loss function of the optimization to ensure that the adversarial values remain within the valid space. Additionally, an L2 regularization term is used to minimize the distance between the original and adversarial network traffic samples. The proposed method is evaluated and shown to be an effective way for generating realistic and practical adversarial evasion packets. To achieve this, network packet components and their characteristics are defined as a constraint set which can be used for the optimization task and a custom adversarial loss function is created that encapsulates the different elements of this optimization problem. Furthermore, multiple models are evaluated to test the transferability of this method. Conclusively, the proposed method is evaluated in a realistic scenario, where adversarial packet captures are crafted and examined. Where other state-of-the art works only modify the network traffic features in feature-space or on a connection level only and do not apply their method in a real world scenario, this work modifies the packet captures on a per-packet level which is subsequently used to evaluate flow based classification models. Subject adversarialoptimizationnetwork trafficIntrusion Detection To reference this document use: http://resolver.tudelft.nl/uuid:cc3fa0f9-4750-45d3-8c15-970fc64ca69f Part of collection Student theses Document type master thesis Rights © 2021 Maria Simidžioski Files PDF Adversarial_Traffic_Modif ... Domain.pdf 3.4 MB Close viewer /islandora/object/uuid:cc3fa0f9-4750-45d3-8c15-970fc64ca69f/datastream/OBJ/view