VulnerGAN: a backdoor attack through vulnerability amplification against machine learning-based network intrusion detection systems
Abstract
Machine learning-based network intrusion detection systems (ML-NIDS) are extensively used for network security against unknown attacks. Existing intrusion detection systems can effectively defend against traditional network attacks; however, they face AI-based threats. Currently known AI attacks cannot balance escape rate and attack effectiveness, and their time cost is very high. In this paper, we propose a backdoor attack called VulnerGAN, which features high concealment, high aggressiveness, and high timeliness. The backdoor lets specific attack traffic bypass ML-NIDS detection without affecting the performance of the ML-NIDS in identifying other attack traffic. VulnerGAN uses generative adversarial networks (GAN) to calculate poisoning and adversarial samples based on machine learning model vulnerabilities. It can make traditional network attack traffic escape black-box online ML-NIDS. At the same time, model extraction and fuzz testing are used to enhance the convergence of VulnerGAN. Compared with state-of-the-art algorithms, the VulnerGAN backdoor attack achieves increases of 33.28% in concealment, 18.48% in aggressiveness, and 46.32% in timeliness.