Adversarial attacks against network intrusion detection in IoT systems
Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these syste...
Saved in:
Main Authors: | , , , , , |
---|---|
Other Authors: | |
Format: | Article |
Language: | English |
Published: |
2022
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/159849 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-159849 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1598492022-07-04T07:52:05Z Adversarial attacks against network intrusion detection in IoT systems Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang School of Computer Science and Engineering Engineering::Computer science and engineering Feature Extraction Computational Modeling Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate. 2022-07-04T07:52:05Z 2022-07-04T07:52:05Z 2020 Journal Article Qiu, H., Dong, T., Zhang, T., Lu, J., Memmi, G. & Qiu, M. (2020). Adversarial attacks against network intrusion detection in IoT systems. IEEE Internet of Things Journal, 8(13), 10327-10335. https://dx.doi.org/10.1109/JIOT.2020.3048038 2327-4662 https://hdl.handle.net/10356/159849 10.1109/JIOT.2020.3048038 2-s2.0-85099107269 13 8 10327 10335 en IEEE Internet of Things Journal © 2020 IEEE. All rights reserved. |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering Feature Extraction Computational Modeling |
spellingShingle |
Engineering::Computer science and engineering Feature Extraction Computational Modeling Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang Adversarial attacks against network intrusion detection in IoT systems |
description |
Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate. |
author2 |
School of Computer Science and Engineering |
author_facet |
School of Computer Science and Engineering Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang |
format |
Article |
author |
Qiu, Han Dong, Tian Zhang, Tianwei Lu, Jialiang Memmi, Gerard Qiu, Meikang |
author_sort |
Qiu, Han |
title |
Adversarial attacks against network intrusion detection in IoT systems |
title_short |
Adversarial attacks against network intrusion detection in IoT systems |
title_full |
Adversarial attacks against network intrusion detection in IoT systems |
title_fullStr |
Adversarial attacks against network intrusion detection in IoT systems |
title_full_unstemmed |
Adversarial attacks against network intrusion detection in IoT systems |
title_sort |
adversarial attacks against network intrusion detection in iot systems |
publishDate |
2022 |
url |
https://hdl.handle.net/10356/159849 |
_version_ |
1738844907611619328 |