Existing adversarial attacks often lack explainability, making it challenging to understand how these attacks bypass detection. Moreover, these attacks focus on bypassing Network Intrusion Detection Systems (NIDS) detection while neglecting the characteristics of different attack types and employing a unified perturbation method, which may compromise the attacks’ functionality in real-world scenarios. To address these challenges, we propose FATFI, a framework designed to generate adversarial traffic with feature interpretability, thereby enhancing attack effectiveness. FATFI employs a multi-level hybrid explanation method, analyzing both global and local feature importance and evaluating feature stability using the Coefficient of Variation (CV) to rank features. By perturbing packets and observing feature changes, FATFI generate feature combinations and determine the optimal perturbation strategy through a scoring mechanism. FATFI then applies these perturbations to traffic using deep learning (DL) models trained on benign characteristics. This ensures the modified traffic evades NIDS detection. We evaluate FATFI on intrusion attacks using public network datasets and seven NIDS. The experimental results demonstrate that FATFI outperforms baseline feature selection techniques in feature evasion, achieving an average improvement of up to 24.56% compared to prior studies. In terms of traffic evasion, FATFI achieves an Evasion Increase Rate (EIR) of 99.47%, while also validating the effectiveness of adversarial traffic in real-world scenarios.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

FATFI: A Framework to Generate Adversarial Traffic with Feature Interpretability

  • Yikang Wang,
  • Weina Niu,
  • Dujuan Gu,
  • Qingjun Yuan,
  • Jiacheng Gong,
  • Shuangqi Gan,
  • Xin Lin,
  • Xiaosong Zhang

摘要

Existing adversarial attacks often lack explainability, making it challenging to understand how these attacks bypass detection. Moreover, these attacks focus on bypassing Network Intrusion Detection Systems (NIDS) detection while neglecting the characteristics of different attack types and employing a unified perturbation method, which may compromise the attacks’ functionality in real-world scenarios. To address these challenges, we propose FATFI, a framework designed to generate adversarial traffic with feature interpretability, thereby enhancing attack effectiveness. FATFI employs a multi-level hybrid explanation method, analyzing both global and local feature importance and evaluating feature stability using the Coefficient of Variation (CV) to rank features. By perturbing packets and observing feature changes, FATFI generate feature combinations and determine the optimal perturbation strategy through a scoring mechanism. FATFI then applies these perturbations to traffic using deep learning (DL) models trained on benign characteristics. This ensures the modified traffic evades NIDS detection. We evaluate FATFI on intrusion attacks using public network datasets and seven NIDS. The experimental results demonstrate that FATFI outperforms baseline feature selection techniques in feature evasion, achieving an average improvement of up to 24.56% compared to prior studies. In terms of traffic evasion, FATFI achieves an Evasion Increase Rate (EIR) of 99.47%, while also validating the effectiveness of adversarial traffic in real-world scenarios.