Adversarial attacks against network intrusion detection in IoT systems
Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these syste...
| Main Authors: | , , , , , |
|---|---|
| Other Authors: | |
| Format: | Journal Article |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/159849 |
| _version_ | 1811693563409334272 |
|---|---|
| author | Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang |
| author2 | School of Computer Science and Engineering |
| author_facet | School of Computer Science and Engineering Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang |
| author_sort | Qiu, Han |
| collection | NTU |
| description | Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate. |
| first_indexed | 2024-10-01T06:53:40Z |
| format | Journal Article |
| id | ntu-10356/159849 |
| institution | Nanyang Technological University |
| language | English |
| last_indexed | 2024-10-01T06:53:40Z |
| publishDate | 2022 |
| record_format | dspace |
| spelling | ntu-10356/1598492022-07-04T07:52:05Z Adversarial attacks against network intrusion detection in IoT systems Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang School of Computer Science and Engineering Engineering::Computer science and engineering Feature Extraction Computational Modeling Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate. 2022-07-04T07:52:05Z 2022-07-04T07:52:05Z 2020 Journal Article Qiu, H., Dong, T., Zhang, T., Lu, J., Memmi, G. & Qiu, M. (2020). Adversarial attacks against network intrusion detection in IoT systems. IEEE Internet of Things Journal, 8(13), 10327-10335. https://dx.doi.org/10.1109/JIOT.2020.3048038 2327-4662 https://hdl.handle.net/10356/159849 10.1109/JIOT.2020.3048038 2-s2.0-85099107269 13 8 10327 10335 en IEEE Internet of Things Journal © 2020 IEEE. All rights reserved. |
| spellingShingle | Engineering::Computer science and engineering Feature Extraction Computational Modeling Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang Adversarial attacks against network intrusion detection in IoT systems |
| title | Adversarial attacks against network intrusion detection in IoT systems |
| title_full | Adversarial attacks against network intrusion detection in IoT systems |
| title_fullStr | Adversarial attacks against network intrusion detection in IoT systems |
| title_full_unstemmed | Adversarial attacks against network intrusion detection in IoT systems |
| title_short | Adversarial attacks against network intrusion detection in IoT systems |
| title_sort | adversarial attacks against network intrusion detection in iot systems |
| topic | Engineering::Computer science and engineering Feature Extraction Computational Modeling |
| url | https://hdl.handle.net/10356/159849 |
| work_keys_str_mv | AT qiuhan adversarialattacksagainstnetworkintrusiondetectioniniotsystems AT dongtian adversarialattacksagainstnetworkintrusiondetectioniniotsystems AT zhangtianwei adversarialattacksagainstnetworkintrusiondetectioniniotsystems AT lujialiang adversarialattacksagainstnetworkintrusiondetectioniniotsystems AT memmigerard adversarialattacksagainstnetworkintrusiondetectioniniotsystems AT qiumeikang adversarialattacksagainstnetworkintrusiondetectioniniotsystems |