SPARTA Publications

All accepted publications from SPARTA partners under its funding.

Defending Network Intrusion Detection Systems against Adversarial Evasion Attacks

Marek Pawlicki; Michał Choraś; Rafał Kozik


Intrusion detection, the ability to detect attacks, is a crucial aspect of ensuring cybersecurity. However, what if an IDS (Intrusion Detection System) itself is attacked; in other words, what defends the defender? In this work, the focus is on countering attacks on machine learning-based cyberattack detectors. In principle, we propose an adversarial machine learning detection solution. Indeed, contemporary machine learning algorithms have not been designed bearing in mind the adversarial nature of the environments they are deployed in. Thus, machine learning solutions are currently the target of a range of attacks. This paper evaluates the possibility of deteriorating the performance of a well-optimised intrusion detection algorithm at test time by crafting adversarial attacks with four of the recently proposed methods and then offers a way to detect those attacks. The relevant background is provided for both artificial neural networks and the four ways of crafting adversarial attacks. The new detection method is explained in detail, and the results of five different classifiers are compared. To the best of our knowledge, detecting adversarial attacks on artificial neural networks has not yet been widely researched in the context of intrusion detection systems.

Full publication