%0 Conference Proceedings
%T Subverting Network Intrusion Detection: Crafting Adversarial Examples Accounting for Domain-Specific Constraints
%+ Austrian Institute of Technology [Vienna] (AIT)
%A Teuffenbach, Martin
%A Piatkowska, Ewa
%A Smith, Paul
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 4th International Cross-Domain Conference for Machine Learning and Knowledge Extraction (CD-MAKE)
%C Dublin, Ireland
%Y Andreas Holzinger
%Y Peter Kieseberg
%Y A Min Tjoa
%Y Edgar Weippl
%I Springer International Publishing
%3 Machine Learning and Knowledge Extraction
%V LNCS-12279
%P 301-320
%8 2020-08-25
%D 2020
%R 10.1007/978-3-030-57321-8_17
%K Network intrusion detection
%K Deep neural networks
%K Adversarial examples
%K Adversarial robustness
%Z Computer Science [cs]
%Z Humanities and Social Sciences/Library and information sciencesConference papers
%X Deep Learning (DL) algorithms are being applied to network intrusion detection, as they can outperform other methods in terms of computational efficiency and accuracy. However, these algorithms have recently been found to be vulnerable to adversarial examples – inputs that are crafted with the intent of causing a Deep Neural Network (DNN) to misclassify with high confidence. Although a significant amount of work has been done to find robust defence techniques against adversarial examples, they still pose a potential risk. The majority of the proposed attack and defence strategies are tailored to the computer vision domain, in which adversarial examples were first found. In this paper, we consider this issue in the Network Intrusion Detection System (NIDS) domain and extend existing adversarial example crafting algorithms to account for the domain-specific constraints in the feature space. We propose to incorporate information about the difficulty of feature manipulation directly in the optimization function. Additionally, we define a novel measure for attack cost and include it in the assessment of the robustness of DL algorithms. We validate our approach on two benchmark datasets and demonstrate successful attacks against state-of-the-art DL network intrusion detection algorithms.
%G English
%Z TC 5
%Z TC 8
%Z TC 12
%Z WG 8.4
%Z WG 8.9
%Z WG 12.9
%2 https://inria.hal.science/hal-03414751/document
%2 https://inria.hal.science/hal-03414751/file/497121_1_En_17_Chapter.pdf
%L hal-03414751
%U https://inria.hal.science/hal-03414751
%~ SHS
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC5
%~ IFIP-WG
%~ IFIP-TC12
%~ IFIP-TC8
%~ IFIP-WG8-4
%~ IFIP-WG8-9
%~ IFIP-CD-MAKE
%~ IFIP-WG12-9
%~ IFIP-LNCS-12279