Adversarial attacks against network intrusion detection in IoT systems

Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these syste...

Full description

Saved in:
Bibliographic Details
Main Authors: Qiu, Han, Dong, Tian, Zhang, Tianwei, Lu, Jialiang, Memmi, Gerard, Qiu, Meikang
Other Authors: School of Computer Science and Engineering
Format: Article
Language:English
Published: 2022
Subjects:
Online Access:https://hdl.handle.net/10356/159849
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-159849
record_format dspace
spelling sg-ntu-dr.10356-1598492022-07-04T07:52:05Z Adversarial attacks against network intrusion detection in IoT systems Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang School of Computer Science and Engineering Engineering::Computer science and engineering Feature Extraction Computational Modeling Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate. 2022-07-04T07:52:05Z 2022-07-04T07:52:05Z 2020 Journal Article Qiu, H., Dong, T., Zhang, T., Lu, J., Memmi, G. & Qiu, M. (2020). Adversarial attacks against network intrusion detection in IoT systems. IEEE Internet of Things Journal, 8(13), 10327-10335. https://dx.doi.org/10.1109/JIOT.2020.3048038 2327-4662 https://hdl.handle.net/10356/159849 10.1109/JIOT.2020.3048038 2-s2.0-85099107269 13 8 10327 10335 en IEEE Internet of Things Journal © 2020 IEEE. All rights reserved.
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Computer science and engineering
Feature Extraction
Computational Modeling
spellingShingle Engineering::Computer science and engineering
Feature Extraction
Computational Modeling
Qiu, Han
Dong, Tian
Zhang, Tianwei
Lu, Jialiang
Memmi, Gerard
Qiu, Meikang
Adversarial attacks against network intrusion detection in IoT systems
description Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate.
author2 School of Computer Science and Engineering
author_facet School of Computer Science and Engineering
Qiu, Han
Dong, Tian
Zhang, Tianwei
Lu, Jialiang
Memmi, Gerard
Qiu, Meikang
format Article
author Qiu, Han
Dong, Tian
Zhang, Tianwei
Lu, Jialiang
Memmi, Gerard
Qiu, Meikang
author_sort Qiu, Han
title Adversarial attacks against network intrusion detection in IoT systems
title_short Adversarial attacks against network intrusion detection in IoT systems
title_full Adversarial attacks against network intrusion detection in IoT systems
title_fullStr Adversarial attacks against network intrusion detection in IoT systems
title_full_unstemmed Adversarial attacks against network intrusion detection in IoT systems
title_sort adversarial attacks against network intrusion detection in iot systems
publishDate 2022
url https://hdl.handle.net/10356/159849
_version_ 1738844907611619328