ABSTRACT
Interest in poisoning attacks and backdoors recently resurfaced for Deep Learning (DL) applications. Several successful defense mechanisms have recently been proposed for Convolutional Neural Networks (CNNs), for example in the context of autonomous driving. We show that visualization approaches can aid in identifying a backdoor independent of the classifier used. Surprisingly, we find that common defense mechanisms fail utterly to remove backdoors in DL for Intrusion Detection Systems (IDSs). Finally, we devise pruning-based approaches to remove backdoors for Decision Trees (DTs) and Random Forests (RFs) and demonstrate their effectiveness for two different network security datasets.
Index Terms
- Walling up Backdoors in Intrusion Detection Systems