• norsk
    • English
  • norsk 
    • norsk
    • English
  • Logg inn
Vis innførsel 
  •   Hjem
  • Øvrige samlinger
  • Publikasjoner fra CRIStin - NTNU
  • Vis innførsel
  •   Hjem
  • Øvrige samlinger
  • Publikasjoner fra CRIStin - NTNU
  • Vis innførsel
JavaScript is disabled for your browser. Some features of this site may not work without it.

Evading a Machine Learning-based Intrusion Detection System through Adversarial Perturbations

Fladby, Torgeir; Haugerud, Hårek; Nichele, Stefano; Begnum, Kyrre; Yazidi, Anis
Chapter
Accepted version
Thumbnail
Åpne
Fladby (641.0Kb)
Permanent lenke
https://hdl.handle.net/11250/2729788
Utgivelsesdato
2020
Metadata
Vis full innførsel
Samlinger
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1640]
  • Publikasjoner fra CRIStin - NTNU [21809]
Originalversjon
10.1145/3400286.3418252
Sammendrag
Machine-learning based Intrusion Detection and Prevention Systems provide significant value to organizations because they can efficiently detect previously unseen variations of known threats, new threats related to known malware or even zero-day malware, unrelated to any other known threats. However, while such systems prove invaluable to security personnel, researchers have observed that data subject to inspection by behavioral analysis can be perturbed in order to evade detection.

We investigated the use of adversarial techniques for adapting the communication patterns between botnet malware and control unit in order to evaluate the robustness of an existing Network Behavioral Analysis solution. We implemented a packet parser that let us extract and edit certain properties of network flows and automated an approach for conducting a grey-box testing scheme of Stratosphere Linux IPS. As part of our implementation, we provided several techniques for providing perturbation to network flow parameters, including a Simultaneous Perturbation Stochastic Approximation method, which was able to produce sufficiently perturbed network flow patterns while adhering to an underlying objective function.

Our results showed that network flow parameters could indeed be perturbed to ultimately enable evasion of intrusion detection based on the detection models that were used with the Intrusion Detection System. Additionally, we demonstrated that it was possible to combine evading detection with techniques for optimization problems that aimed to minimize the magnitude of perturbation to network flows, effectively enabling adaptive network flow behavior.
Utgiver
ACM

Kontakt oss | Gi tilbakemelding

Personvernerklæring
DSpace software copyright © 2002-2019  DuraSpace

Levert av  Unit
 

 

Bla i

Hele arkivetDelarkiv og samlingerUtgivelsesdatoForfattereTitlerEmneordDokumenttyperTidsskrifterDenne samlingenUtgivelsesdatoForfattereTitlerEmneordDokumenttyperTidsskrifter

Min side

Logg inn

Statistikk

Besøksstatistikk

Kontakt oss | Gi tilbakemelding

Personvernerklæring
DSpace software copyright © 2002-2019  DuraSpace

Levert av  Unit