Defending and mitigating the impact of targeted white-box adversarial attacks in computer network security
摘要
Ensuring the robustness of Network Intrusion Detection Systems (NIDS) against adversarial manipulation is an increasingly important problem in the field of computer network security today. Recent breakthroughs in adversarial machine learning have brought to light the vulnerability of NIDS that rely on deep learning models to carefully crafted perturbations, which could significantly degrade the detection and classification performance. In the present investigation, we carry out a systematic empirical investigation of targeted white box adversarial attacks upon a deep learning based multi-class NIDS. A DNN-based intrusion detection model is first evaluated in benign operational condition and then, is subjected to targeted adversarial perturbations introduced using the Fast Gradient Sign Method. To address the observed vulnerabilities, we follow Adversarial Training as a heuristic defence mechanism. All the experiments made use of a subset of the Canadian Institutes of Cybersecurity Intrusion Detection System benchmark data. The proposed NIDS achieves an accuracy of 97.11% in pre-attack conditions. When the model is fed with targeted adversarial perturbations, the classification accuracy decreases to a large degree to 33.27%, 52.15%, 37.89%, and 29.45% when the Benign, DDoS, DoS-Hulk, and PortScan classes are taken as the target, respectively. Incorporating Adversarial Training improves the robustness and increases the accuracy to 73.83%, 76.82%, 75.71% and 71.96% in respective targeted scenarios, although the recovery still depends on the class. Rather than present new attack or defence, this study presents a detailed empirical assessment of targeted adversarial vulnerability and defensive behaviour in a multi-class NIDS setting. The results highlight long-standing, class-specific, robustness gaps and provide insights that could be used to design more robust intrusion detection systems.