nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

An Adversarial Robustness Benchmark for Enterprise Network Intrusion Detection

verfasst von : João Vitorino, Miguel Silva, Eva Maia, Isabel Praça

Erschienen in: Foundations and Practice of Security

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

As cyber-attacks become more sophisticated, improving the robustness of Machine Learning (ML) models must be a priority for enterprises of all sizes. To reliably compare the robustness of different ML models for cyber-attack detection in enterprise computer networks, they must be evaluated in standardized conditions. This work presents a methodical adversarial robustness benchmark of multiple decision tree ensembles with constrained adversarial examples generated from standard datasets. The robustness of regularly and adversarially trained RF, XGB, LGBM, and EBM models was evaluated on the original CICIDS2017 dataset, a corrected version of it designated as NewCICIDS, and the HIKARI dataset, which contains more recent network traffic. NewCICIDS led to models with a better performance, especially XGB and EBM, but RF and LGBM were less robust against the more recent cyber-attacks of HIKARI. Overall, the robustness of the models to adversarial cyber-attack examples was improved without their generalization to regular traffic being affected, enabling a reliable detection of suspicious activity without costly increases of false alarms.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Securing Smart Vehicles Through Federated Learning

European Union Agency for Cybersecurity, Christoforatos, N., Lella, I., Rekleitis, E., Van Heurck, C., Zacharis, A.: Cyber Europe 2022: After Action Report (2022). https://doi.org/10.2824/397622

European Union Agency for Cybersecurity, et al.: ENISA Threat Landscape 2022 (2022). https://doi.org/10.2824/764318

Liu, H., Lang, Bo.: Machine learning and deep learning methods for intrusion detection systems: a survey. Appl. Sci. 9(20), 4396 (2019). https://doi.org/10.3390/app9204396CrossRef

Vitorino, J., Andrade, R., Praça, I., Sousa, O., Maia, E.: A comparative analysis of machine learning techniques for IoT intrusion detection. In: Aïmeur, E., Laurent, M., Yaich, R., Dupont, B., Garcia-Alfaro, J. (eds.) Foundations and Practice of Security: 14th International Symposium, FPS 2021, Paris, France, December 7–10, 2021, Revised Selected Papers, pp. 191–207. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-08147-7_13CrossRef

Alotaibi, A., Rassam, M.A.: Adversarial machine learning attacks against intrusion detection systems: a survey on strategies and defense. Fut. Internet 15(2), 62 (2023). https://doi.org/10.3390/fi15020062CrossRef

Rosenberg, I., Shabtai, A., Elovici, Y., Rokach, L.: Adversarial machine learning attacks and defense methods in the cyber security domain. ACM Comput. Surv. 54(5), 1–36 (2021). https://doi.org/10.1145/3453158CrossRef

Martins, N., Cruz, J.M., Cruz, T., Abreu, P.H.: Adversarial machine learning applied to intrusion and malware scenarios: a systematic review. IEEE Access 8, 35403–35419 (2020). https://doi.org/10.1109/ACCESS.2020.2974752CrossRef

Vitorino, J., Dias, T., Fonseca, T., Maia, E., Praça, I.: Constrained adversarial learning and its applicability to automated software testing: a systematic review. arXiv (2023). https://doi.org/10.48550/arXiv.2303.07546

Apruzzese, G., Andreolini, M., Ferretti, L., Marchetti, M., Colajanni, M.: Modeling realistic adversarial attacks against network intrusion detection systems. Digit. Threats Res. Pract. 3(3), 1–19 (2022). https://doi.org/10.1145/3469659CrossRef

10.

Vitorino, J., Praça, I., Maia, E.: SoK: realistic adversarial attacks and defenses for intelligent network intrusion detection. Comput. Secur. 134, 103433 (2023). https://doi.org/10.1016/j.cose.2023.103433CrossRef

11.

Ho, S., Jufout, S.A., Dajani, K., Mozumdar, M.: A novel intrusion detection model for detecting known and innovative cyberattacks using convolutional neural network. IEEE Open J. Comput. Soc. 2, 14–25 (2021). https://doi.org/10.1109/OJCS.2021.3050917CrossRef

12.

Rodríguez, M., Alesanco, Á., Mehavilla, L., García, J.: Evaluation of machine learning techniques for traffic flow-based intrusion detection. Sensors 22(23), 9326 (2022). https://doi.org/10.3390/s22239326CrossRef

13.

Abdulhammed, R., Musafer, H., Alessa, A., Faezipour, M., Abuzneid, A.: Features dimensionality reduction approaches for machine learning based network intrusion detection. Electronics 8(3), 322 (2019). https://doi.org/10.3390/electronics8030322CrossRef

14.

Lanvin, M., Gimenez, P.-F., Han, Y., Majorczyk, F., Mé, L., Totel, É.: Errors in the CICIDS2017 dataset and the significant differences in detection performances it makes. In: Kallel, S., Jmaiel, M., Zulkernine, M., Kacem, A.H., Cuppens, F., Cuppens, N. (eds.) Risks and Security of Internet and Systems: 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7–9, 2022, Revised Selected Papers, pp. 18–33. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-31108-6_2CrossRef

15.

Liu, L., Engelen, G., Lynar, T., Essam, D., Joosen, W.: Error prevalence in NIDS datasets: a case study on CIC-IDS-2017 and CSE-CIC-IDS-2018. In: 2022 IEEE Conference on Communications and Network Security (CNS), IEEE, October 2022, pp. 254–262 (2022). https://doi.org/10.1109/CNS56114.2022.9947235

16.

Catillo, M., Del Vecchio, A., Pecchia, A., Villano, U.: A case study with CICIDS2017 on the robustness of machine learning against adversarial attacks in intrusion detection. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1–8 (2023)

17.

McCarthy, A., Ghadafi, E., Andriotis, P., Legg, P.: Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: a survey. J. Cybersecur. Priv. 2(1), 154–190 (2022). https://doi.org/10.3390/jcp2010010CrossRef

18.

Fernandes, R., Lopes, N.: Network intrusion detection packet classification with the HIKARI-2021 dataset: a study on ML algorithms. In: 10th International Symposium on Digital Forensics and Security, ISDFS 2022, Institute of Electrical and Electronics Engineers Inc. (2022). https://doi.org/10.1109/ISDFS55398.2022.9800807

19.

Louk, M.H.L., Tama, B.A.: Dual-IDS: A bagging-based gradient boosting decision tree model for network anomaly intrusion detection system. Exp. Syst. Appl. 213, 119030 (2023). https://doi.org/10.1016/j.eswa.2022.119030CrossRef

20.

Kabla, A.H.H., Thamrin, A.H., Anbar, M., Manickam, S., Karuppayah, S.: PeerAmbush: multi-layer perceptron to detect peer-to-peer botnet. Symmetry 14(12), 2483 (2022). https://doi.org/10.3390/sym14122483CrossRef

21.

Wang, L., Cheng, Z., Lv, Q., Wang, Y., Zhang, S., Huang, W.: ACG: attack classification on encrypted network traffic using graph convolution attention networks. Institute of Electrical and Electronics Engineers (IEEE), June 2023, pp. 47–52 (2023). https://doi.org/10.1109/cscwd57460.2023.10152599

22.

Kwon, D., Neagu, R.M., Rasakonda, P., Ryu, J.T., Kim, J.: Evaluating unbalanced network data for attack detection. In: Proceedings of the 2023 on Systems and Network Telemetry and Analytics, SNTA 2023, July 2023, pp. 23–26. Association for Computing Machinery, Inc. (2023). https://doi.org/10.1145/3589012.3594898

23.

Koda, S., Morikawa, I.: OOD-robust boosting tree for intrusion detection systems. In: Proceedings of the International Joint Conference on Neural Networks. Institute of Electrical and Electronics Engineers Inc. (2023). https://doi.org/10.1109/IJCNN54540.2023.10191603

24.

Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, SciTePress, 2018, pp. 108–116 (2018). https://doi.org/10.5220/0006639801080116

25.

CICFlowMeter Canadian Institute for Cybersecurity. https://www.unb.ca/cic/research/applications.html#CICFlowMeter. Accessed 09 Dec 2022

26.

Ferriyan, A., Thamrin, A.H., Takeda, K., Murai, J.: Generating network intrusion detection dataset based on real and encrypted synthetic attack traffic. Appl. Sci. 11(17), 7868 (2021). https://doi.org/10.3390/app11177868CrossRef

27.

Fernandes, R., Silva, J., Ribeiro, O., Portela, I., Lopes, N.: The impact of identifiable features in ML classification algorithms with the HIKARI-2021 dataset. In: 11th International Symposium on Digital Forensics and Security, ISDFS 2023. Institute of Electrical and Electronics Engineers Inc. (2023). https://doi.org/10.1109/ISDFS58141.2023.10131864

28.

Vitorino, J., Praça, I., Maia, E.: Towards adversarial realism and robust learning for IoT intrusion detection and classification. Ann. Telecommun. 78(7–8), 401–412 (2023). https://doi.org/10.1007/s12243-023-00953-yCrossRef

29.

Vitorino, J., Oliveira, N., Praça, I.: Adaptative perturbation patterns: realistic adversarial learning for robust intrusion detection. Fut. Internet 14(4), 108 (2022). https://doi.org/10.3390/fi14040108CrossRef

30.

Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001). https://doi.org/10.1023/A:1010933404324CrossRef

31.

Chen, T., Guestrin, C.: XGBoost: a scalable tree boosting system. In: Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 13–17 August, pp. 785–794 (2016). https://doi.org/10.1145/2939672.2939785

32.

Ke, G., et al.: LightGBM: a highly efficient gradient boosting decision tree. In: Advances in Neural Information Processing Systems (NIPS), 2017 December, pp. 3147–3155 (2017)

33.

Lou, Y., Caruana, R., Gehrke, J.: Intelligible models for classification and regression. In: Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2012, pp. 150–158. Association for Computing Machinery, New York (2012). https://doi.org/10.1145/2339530.2339556

34.

Nori, H., Jenkins, S., Koch, P., Caruana, R.: InterpretML: a unified framework for machine learning interpretability (2019)

Titel: An Adversarial Robustness Benchmark for Enterprise Network Intrusion Detection
verfasst von: João Vitorino
Miguel Silva
Eva Maia
Isabel Praça
Verlag: Springer Nature Switzerland
Buch: Foundations and Practice of Security
Print ISBN: 978-3-031-57536-5

Electronic ISBN: 978-3-031-57537-2

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57537-2_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner