Visible to the public Enhancing Robustness Against Adversarial Examples in Network Intrusion Detection Systems

TitleEnhancing Robustness Against Adversarial Examples in Network Intrusion Detection Systems
Publication TypeConference Paper
Year of Publication2020
AuthorsHashemi, M. J., Keller, E.
Conference Name2020 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)
Date PublishedNov. 2020
ISBN Number978-1-7281-8159-2
Keywordsadversarial example, adversarial example attack, adversarial setting, anomaly detection, anomaly-based NIDS, attacks network systems, composability, computer network security, Cyber Attacks, defense, denoising autoencoders, Intrusion Detection Systems, Malicious Traffic, Metrics, Monitoring, network attacks, network function virtualization, network intrusion detection, network intrusion detection system, Neural networks, noise reduction, pubcrawl, reconstruction from partial observation, resilience, Resiliency, Robustness, security of data, signature-based NIDS, software defined networking, software-defined network, telecommunication traffic, traffic traversing, Zero day attacks, Zero-day attacks

The increase of cyber attacks in both the numbers and varieties in recent years demands to build a more sophisticated network intrusion detection system (NIDS). These NIDS perform better when they can monitor all the traffic traversing through the network like when being deployed on a Software-Defined Network (SDN). Because of the inability to detect zero-day attacks, signature-based NIDS which were traditionally used for detecting malicious traffic are beginning to get replaced by anomaly-based NIDS built on neural networks. However, recently it has been shown that such NIDS have their own drawback namely being vulnerable to the adversarial example attack. Moreover, they were mostly evaluated on the old datasets which don't represent the variety of attacks network systems might face these days. In this paper, we present Reconstruction from Partial Observation (RePO) as a new mechanism to build an NIDS with the help of denoising autoencoders capable of detecting different types of network attacks in a low false alert setting with an enhanced robustness against adversarial example attack. Our evaluation conducted on a dataset with a variety of network attacks shows denoising autoencoders can improve detection of malicious traffic by up to 29% in a normal setting and by up to 45% in an adversarial setting compared to other recently proposed anomaly detectors.

Citation Keyhashemi_enhancing_2020