Cao Phan Xuan Qui, Dang Hong Quang, Phan The Duy, Do Thi Thu Hien, V. Pham
{"title":"Strengthening IDS against Evasion Attacks with GAN-based Adversarial Samples in SDN-enabled network","authors":"Cao Phan Xuan Qui, Dang Hong Quang, Phan The Duy, Do Thi Thu Hien, V. Pham","doi":"10.1109/RIVF51545.2021.9642111","DOIUrl":null,"url":null,"abstract":"With the spread of the number of smart devices in the context of Smart City, Software Defined Networking (SDN) is considered as a vital principle to manage a large-scale heterogeneous network within centralized controller. To deal with cyberattacks against such networks, intrusion detection system (IDS) is built to recognize and alert to the system administrator for further appropriate response. Currently, machine learning-based IDS (ML-IDS) has been explored and is still being developed. However, these systems give a high rate of false alert and are easily deceived by sophisticated attacks such as variants of attacks containing perturbation. Therefore, it is necessary to continuously evaluate and improve these systems by simulating mutation of real-world network attack. Relied on the Generative Discriminative Networks (GANs), we introduce DIGFuPAS, a framework that generates data flow of cyberattacks capable of bypassing ML-IDS. It can generate malicious data streams that mutate from real attack traffic making the IDS undetectable. The generated traffic flow is used to retrain ML-IDS, for improving the robustness of IDS in detecting sophisticated attacks. The experiments are performed and evaluated through 2 criteria: Detection rate (DR) and F1 Score (F1) on the public dataset, named CICIDS2017. DIGFuPAS can be used for continuously pentesting and evaluating IDS’s capability once integrated as an automated sustainability test pipeline for SDN-enabled networks.","PeriodicalId":6860,"journal":{"name":"2021 RIVF International Conference on Computing and Communication Technologies (RIVF)","volume":"64 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 RIVF International Conference on Computing and Communication Technologies (RIVF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RIVF51545.2021.9642111","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
With the spread of the number of smart devices in the context of Smart City, Software Defined Networking (SDN) is considered as a vital principle to manage a large-scale heterogeneous network within centralized controller. To deal with cyberattacks against such networks, intrusion detection system (IDS) is built to recognize and alert to the system administrator for further appropriate response. Currently, machine learning-based IDS (ML-IDS) has been explored and is still being developed. However, these systems give a high rate of false alert and are easily deceived by sophisticated attacks such as variants of attacks containing perturbation. Therefore, it is necessary to continuously evaluate and improve these systems by simulating mutation of real-world network attack. Relied on the Generative Discriminative Networks (GANs), we introduce DIGFuPAS, a framework that generates data flow of cyberattacks capable of bypassing ML-IDS. It can generate malicious data streams that mutate from real attack traffic making the IDS undetectable. The generated traffic flow is used to retrain ML-IDS, for improving the robustness of IDS in detecting sophisticated attacks. The experiments are performed and evaluated through 2 criteria: Detection rate (DR) and F1 Score (F1) on the public dataset, named CICIDS2017. DIGFuPAS can be used for continuously pentesting and evaluating IDS’s capability once integrated as an automated sustainability test pipeline for SDN-enabled networks.