A network security classifier defense: against adversarial machine learning attacks

Abstract

The discovery of practical adversarial machine learning (AML) attacks against machine learning-based wired and wireless network security detectors has driven the necessity of a defense. Without a defense mechanism against AML, attacks in wired and wireless networks will go unnoticed by network security classifiers resulting in their ineffectiveness. Therefore, it is essential to motivate a defense against AML attacks for network security classifiers. Existing AML defenses are generally within the context of image recognition. However, these AML defenses have limited transferability to a network security context. Unlike image recognition, a subject matter expert generally derives the features of a network security classifier. Therefore, a network security classifier requires a distinctive strategy for defense. We propose a novel defense-in-depth approach for network security classifiers using a hierarchical ensemble of classifiers, each using a disparate feature set. Subsequently we show the effective use of our hierarchical ensemble to defend an existing network security classifier against an AML attack. Additionally, we discover a novel set of features to detect network scanning activity. Lastly, we propose to enhance our AML defense approach in future work. A shortcoming of our approach is the increased cost to the defender for implementation of each independent classifier. Therefore, we propose combining our AML defense with a moving target defense approach. Additionally, we propose to evaluate our AML defense with a variety of datasets and classifiers and evaluate the effectiveness of decomposing a classifier with many features into multiple classifiers, each with a small subset of the features.