ABSTRACT
The discovery of practical adversarial machine learning (AML) attacks against machine learning-based wired and wireless network security detectors has made a defense necessary. Without a defense mechanism against AML, attacks in wired and wireless networks will go unnoticed by network security classifiers, rendering them ineffective. Therefore, it is essential to motivate a defense against AML attacks for network security classifiers. Existing AML defenses are generally situated in the context of image recognition. However, these AML defenses have limited transferability to a network security context. Unlike image recognition, the features of a network security classifier are generally derived by a subject matter expert. Therefore, a network security classifier requires a distinctive strategy for defense. We propose a novel defense-in-depth approach for network security classifiers using a hierarchical ensemble of classifiers, each using a disparate feature set. Subsequently, we show the effective use of our hierarchical ensemble to defend an existing network security classifier against an AML attack. Additionally, we discover a novel set of features to detect network scanning activity. Lastly, we propose to enhance our AML defense approach in future work. A shortcoming of our approach is the increased cost to the defender of implementing each independent classifier. Therefore, we propose combining our AML defense with a moving target defense approach. Additionally, we propose to evaluate our AML defense with a variety of datasets and classifiers, and to evaluate the effectiveness of decomposing a classifier with many features into multiple classifiers, each with a small subset of the features.
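The following is an added illustration of the defense-in-depth idea the abstract describes, not code from the paper: several classifiers are each trained on a disjoint feature subset and combined so that a sample is flagged if any layer flags it. The feature names (`pkt_rate`, `syn_ratio`, `distinct_dst_ports`, `rst_ratio`), the nearest-centroid classifier, the "flag if any stage fires" combination rule, and every record value are constructed assumptions for the example; the paper's actual hierarchy, features and base classifiers are not reproduced here.

```python
"""
Layered ensemble of per-feature-set classifiers (added illustration, not the
paper's implementation).

Each stage is a nearest-centroid classifier restricted to one disjoint feature
subset. A record is flagged when any stage flags it, so a perturbation that
moves one stage's features into the benign range leaves the other stages'
evidence untouched. All feature names and values below are constructed.
"""
from math import sqrt
from statistics import mean, pstdev

# Hypothetical disjoint feature sets, one per stage (assumption for the example).
FEATURE_SETS = {
    "volume_stage": ("pkt_rate", "syn_ratio"),
    "spread_stage": ("distinct_dst_ports", "rst_ratio"),
}

# Constructed training records: label 0 = benign flow, 1 = scanning activity.
TRAINING = [
    ({"pkt_rate": 10, "syn_ratio": 0.10, "distinct_dst_ports": 2, "rst_ratio": 0.05}, 0),
    ({"pkt_rate": 20, "syn_ratio": 0.15, "distinct_dst_ports": 3, "rst_ratio": 0.02}, 0),
    ({"pkt_rate": 15, "syn_ratio": 0.12, "distinct_dst_ports": 1, "rst_ratio": 0.00}, 0),
    ({"pkt_rate": 500, "syn_ratio": 0.95, "distinct_dst_ports": 800, "rst_ratio": 0.90}, 1),
    ({"pkt_rate": 400, "syn_ratio": 0.90, "distinct_dst_ports": 600, "rst_ratio": 0.85}, 1),
    ({"pkt_rate": 600, "syn_ratio": 0.98, "distinct_dst_ports": 1000, "rst_ratio": 0.95}, 1),
]


class CentroidStage:
    """Nearest-centroid classifier that only ever sees its own feature subset."""

    def __init__(self, name, features, records):
        self.name = name
        self.features = features
        # Standardise each feature so no single scale dominates the distance.
        self.mu = {f: mean(r[f] for r, _ in records) for f in features}
        self.sigma = {f: pstdev(r[f] for r, _ in records) or 1.0 for f in features}
        # One centroid per class in the standardised subspace.
        self.centroids = {
            label: [mean(self._scale(r)[i] for r, lab in records if lab == label)
                    for i in range(len(features))]
            for label in (0, 1)
        }

    def _scale(self, record):
        return [(record[f] - self.mu[f]) / self.sigma[f] for f in self.features]

    def predict(self, record):
        x = self._scale(record)
        dist = {label: sqrt(sum((a - b) ** 2 for a, b in zip(x, c)))
                for label, c in self.centroids.items()}
        return min(dist, key=dist.get)


def build_ensemble(records=TRAINING):
    """Train one independent stage per disjoint feature set."""
    return [CentroidStage(name, feats, records) for name, feats in FEATURE_SETS.items()]


def classify(ensemble, record):
    """Run every stage; the record is flagged (1) if any stage reports scanning.

    Returns (verdict, per_stage) so an analyst can see which layer fired.
    """
    per_stage = {stage.name: stage.predict(record) for stage in ensemble}
    return max(per_stage.values()), per_stage


if __name__ == "__main__":
    ens = build_ensemble()
    # Constructed record: volume features sit in the benign range, but the
    # port-spread features still carry the scanning signature.
    perturbed = {"pkt_rate": 12, "syn_ratio": 0.10,
                 "distinct_dst_ports": 700, "rst_ratio": 0.88}
    verdict, stages = classify(ens, perturbed)
    print(f"verdict={verdict} stages={stages}")
```

Running the block shows the volume stage alone would pass the perturbed record as benign, while the spread stage still flags it, so the ensemble verdict stays at 1. The cost the abstract mentions is visible in the same code: each stage needs its own feature engineering and training, which is what the authors flag as the defender's added implementation burden.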