开启和关闭歧管:IIoT网络中对抗性攻击的生成和检测

IF 7.7 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Journal of Network and Computer Applications Pub Date : 2024-12-24 DOI:10.1016/j.jnca.2024.104102
Mohammad Al-Fawa’reh, Jumana Abu-khalaf, Naeem Janjua, Patryk Szewczyk
{"title":"开启和关闭歧管:IIoT网络中对抗性攻击的生成和检测","authors":"Mohammad Al-Fawa’reh, Jumana Abu-khalaf, Naeem Janjua, Patryk Szewczyk","doi":"10.1016/j.jnca.2024.104102","DOIUrl":null,"url":null,"abstract":"Network Intrusion Detection Systems (NIDS), which play a crucial role in defending Industrial Internet of Things (IIoT) networks, often utilize Deep Neural Networks (DNN) for their pattern recognition capabilities. However, these systems remain susceptible to sophisticated adversarial attacks, particularly on-manifold and off-manifold attacks, which skillfully evade detection. This paper addresses the limitations in existing research, focusing primarily on: the predominant focus on off-manifold attacks, while often overlooking subtler yet potent on-manifold attacks; a lack of consideration for the functional behavior of these attacks; reliance on detailed knowledge of the target NIDS for creating attacks; and the need for detailed knowledge about the creation process of adversarial attacks for effective detection. This paper introduces the Saliency Adversarial Autoencoder (SAAE), designed for generating on-manifold attacks through latent space perturbations. This dual-space perturbation approach enables SAAE to efficiently create stealthy attacks that blend with normal network behavior, posing significant challenges to state-of-the-art (SOTA) NIDS. To counter these advanced threats, we propose an attack-agnostic defence mechanism utilizing a fusion-based Autoencoder (AE) with disentangled representations. This defence is adept at detecting threats within the manifold, significantly enhancing NIDS robustness. Comparative assessments with SOTA DNN and Deep Reinforcement Learning (DRL) models highlight the effectiveness of our approach. The SAAE model markedly reduces True Positive Rates (TPR) in these systems. For DNNs, TPR dropped from 99.72% to 41.5%, and for DRLs, from 95.6% to 63.94%. Conversely, our defence model shows high TPR in detecting these attacks, registering 94% for DNNs and 92% for DRLs. Additionally, we release our dataset, named OOM-X-IIoTID<ce:cross-ref ref><ce:sup loc=\"post\">1</ce:sup></ce:cross-ref><ce:footnote><ce:label>1</ce:label><ce:note-para view=\"all\">The datasets can be found at the following link: <ce:inter-ref xlink:href=\"https://github.com/mohdah200/OOM-X-IIoTID\" xlink:type=\"simple\">https://github.com/mohdah200/OOM-X-IIoTID</ce:inter-ref>.</ce:note-para></ce:footnote>, which includes On/Off manifold adversarial attacks, a first in the field, to facilitate further research and development in cybersecurity.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"336 1","pages":""},"PeriodicalIF":7.7000,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"On and off the manifold: Generation and Detection of adversarial attacks in IIoT networks\",\"authors\":\"Mohammad Al-Fawa’reh, Jumana Abu-khalaf, Naeem Janjua, Patryk Szewczyk\",\"doi\":\"10.1016/j.jnca.2024.104102\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network Intrusion Detection Systems (NIDS), which play a crucial role in defending Industrial Internet of Things (IIoT) networks, often utilize Deep Neural Networks (DNN) for their pattern recognition capabilities. However, these systems remain susceptible to sophisticated adversarial attacks, particularly on-manifold and off-manifold attacks, which skillfully evade detection. This paper addresses the limitations in existing research, focusing primarily on: the predominant focus on off-manifold attacks, while often overlooking subtler yet potent on-manifold attacks; a lack of consideration for the functional behavior of these attacks; reliance on detailed knowledge of the target NIDS for creating attacks; and the need for detailed knowledge about the creation process of adversarial attacks for effective detection. This paper introduces the Saliency Adversarial Autoencoder (SAAE), designed for generating on-manifold attacks through latent space perturbations. This dual-space perturbation approach enables SAAE to efficiently create stealthy attacks that blend with normal network behavior, posing significant challenges to state-of-the-art (SOTA) NIDS. To counter these advanced threats, we propose an attack-agnostic defence mechanism utilizing a fusion-based Autoencoder (AE) with disentangled representations. This defence is adept at detecting threats within the manifold, significantly enhancing NIDS robustness. Comparative assessments with SOTA DNN and Deep Reinforcement Learning (DRL) models highlight the effectiveness of our approach. The SAAE model markedly reduces True Positive Rates (TPR) in these systems. For DNNs, TPR dropped from 99.72% to 41.5%, and for DRLs, from 95.6% to 63.94%. Conversely, our defence model shows high TPR in detecting these attacks, registering 94% for DNNs and 92% for DRLs. Additionally, we release our dataset, named OOM-X-IIoTID<ce:cross-ref ref><ce:sup loc=\\\"post\\\">1</ce:sup></ce:cross-ref><ce:footnote><ce:label>1</ce:label><ce:note-para view=\\\"all\\\">The datasets can be found at the following link: <ce:inter-ref xlink:href=\\\"https://github.com/mohdah200/OOM-X-IIoTID\\\" xlink:type=\\\"simple\\\">https://github.com/mohdah200/OOM-X-IIoTID</ce:inter-ref>.</ce:note-para></ce:footnote>, which includes On/Off manifold adversarial attacks, a first in the field, to facilitate further research and development in cybersecurity.\",\"PeriodicalId\":54784,\"journal\":{\"name\":\"Journal of Network and Computer Applications\",\"volume\":\"336 1\",\"pages\":\"\"},\"PeriodicalIF\":7.7000,\"publicationDate\":\"2024-12-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Network and Computer Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1016/j.jnca.2024.104102\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1016/j.jnca.2024.104102","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

网络入侵检测系统(NIDS)在防御工业物联网(IIoT)网络中起着至关重要的作用,通常利用深度神经网络(DNN)来实现其模式识别功能。然而,这些系统仍然容易受到复杂的对抗性攻击,特别是流形和流形攻击,这些攻击巧妙地逃避了检测。本文解决了现有研究的局限性,主要集中在:主要关注非流形攻击,而往往忽略了微妙但强大的非流形攻击;缺乏对这些攻击的功能性行为的考虑;依赖对目标NIDS的详细了解来创建攻击;并且需要详细了解对抗性攻击的产生过程,以便进行有效的检测。本文介绍了显著性对抗自编码器(SAAE),该编码器设计用于通过潜在空间扰动产生流形攻击。这种双空间摄动方法使SAAE能够有效地创建与正常网络行为混合的隐形攻击,对最先进的(SOTA) NIDS构成重大挑战。为了应对这些高级威胁,我们提出了一种攻击不可知的防御机制,利用基于融合的自动编码器(AE)与解纠缠表示。这种防御擅长于检测歧管中的威胁,显著提高了NIDS的鲁棒性。与SOTA DNN和深度强化学习(DRL)模型的比较评估突出了我们方法的有效性。SAAE模型显著降低了这些系统的真阳性率(TPR)。dnn的TPR从99.72%下降到41.5%,drl的TPR从95.6%下降到63.94%。相反,我们的防御模型在检测这些攻击时显示出很高的TPR, dnn的TPR为94%,drl为92%。此外,我们发布了名为om - x - iiotid11的数据集,数据集可以在以下链接中找到:https://github.com/mohdah200/OOM-X-IIoTID.,其中包括开/关歧管对抗性攻击,这是该领域的第一个,以促进网络安全的进一步研究和开发。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
On and off the manifold: Generation and Detection of adversarial attacks in IIoT networks
Network Intrusion Detection Systems (NIDS), which play a crucial role in defending Industrial Internet of Things (IIoT) networks, often utilize Deep Neural Networks (DNN) for their pattern recognition capabilities. However, these systems remain susceptible to sophisticated adversarial attacks, particularly on-manifold and off-manifold attacks, which skillfully evade detection. This paper addresses the limitations in existing research, focusing primarily on: the predominant focus on off-manifold attacks, while often overlooking subtler yet potent on-manifold attacks; a lack of consideration for the functional behavior of these attacks; reliance on detailed knowledge of the target NIDS for creating attacks; and the need for detailed knowledge about the creation process of adversarial attacks for effective detection. This paper introduces the Saliency Adversarial Autoencoder (SAAE), designed for generating on-manifold attacks through latent space perturbations. This dual-space perturbation approach enables SAAE to efficiently create stealthy attacks that blend with normal network behavior, posing significant challenges to state-of-the-art (SOTA) NIDS. To counter these advanced threats, we propose an attack-agnostic defence mechanism utilizing a fusion-based Autoencoder (AE) with disentangled representations. This defence is adept at detecting threats within the manifold, significantly enhancing NIDS robustness. Comparative assessments with SOTA DNN and Deep Reinforcement Learning (DRL) models highlight the effectiveness of our approach. The SAAE model markedly reduces True Positive Rates (TPR) in these systems. For DNNs, TPR dropped from 99.72% to 41.5%, and for DRLs, from 95.6% to 63.94%. Conversely, our defence model shows high TPR in detecting these attacks, registering 94% for DNNs and 92% for DRLs. Additionally, we release our dataset, named OOM-X-IIoTID11The datasets can be found at the following link: https://github.com/mohdah200/OOM-X-IIoTID., which includes On/Off manifold adversarial attacks, a first in the field, to facilitate further research and development in cybersecurity.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Network and Computer Applications
Journal of Network and Computer Applications 工程技术-计算机:跨学科应用
CiteScore
21.50
自引率
3.40%
发文量
142
审稿时长
37 days
期刊介绍: The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.
期刊最新文献
ALB-TP: Adaptive Load Balancing based on Traffic Prediction using GRU-Attention for Software-Defined DCNs On and off the manifold: Generation and Detection of adversarial attacks in IIoT networks Light up that Droid! On the effectiveness of static analysis features against app obfuscation for Android malware detection Clusters in chaos: A deep unsupervised learning paradigm for network anomaly detection Consensus hybrid ensemble machine learning for intrusion detection with explainable AI
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1