TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack

Sharon, Yam; Berend, David; Liu, Yang; Shabtai, Asaf; Elovici, Yuval

doi:10.1109/tifs.2022.3201377

Cited by 23 publications

(9 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In fact, it is difficult for attackers to obtain detection algorithms for white-box attacks. In 2022, Sharon et al [8] proposed TANTRA, an adversarial network traffic remolding attack that is based on end-to-end timing. An LSTM deep neural network is used, which is trained to learn the time difference between the benign packets of the target network.…”

Section: Adversarial Malicious Encrypted Traffic Researchmentioning

confidence: 99%

“…When an attacker discovers that malicious encrypted traffic can also be detected, they may create additional malicious encrypted traffic. With the upgrading of attacks and defense confrontation, more and more attackers will generate adversarial samples to bypass the current mainstream detection methods [8]. Even some minor changes will seriously affect the accuracy of the detection method [9].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Malicious Encrypted Traffic Detection Based on Refined Session Analysis

Chen

et al. 2022

Symmetry

View full text Add to dashboard Cite

The detection of malicious encrypted traffic is an important part of modern network security research. The producers of the current malware do not pay attention to the fact that malicious encrypted traffic can also be detected; they do not construct further adversarial malicious encrypted traffic to deceive existing malicious encrypted traffic detection methods. However, with the increasing confrontation between attack and defense, adversarial malicious encrypted traffic samples will appear gradually, which will make the existing malicious encrypted traffic detection methods obsolete. In this paper, an adversarial malicious encrypted traffic detection method based on refined session analysis (ADRSA) is proposed. The key ideas of this method are: 1) interpretability analysis is used to extract malicious traffic features that are not easily affected by encryption, 2) restoration technology is used to further improve traffic separability, and 3) a deep neural network is used to identify adversarial malicious encrypted traffic. In experimental tests, the ADRSA method could accurately detect malicious encrypted traffic, particularly adversarial malicious encrypted traffic, and the detection rate is more than 95%. However, the detection rate of other malicious encrypted traffic detection methods is almost zero when facing adversarial malicious encrypted traffic. The detection performance of ADRSA exceeds that of the most popular detection methods.

show abstract

Section: Adversarial Malicious Encrypted Traffic Researchmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Adversarial Malicious Encrypted Traffic Detection Based on Refined Session Analysis

Chen

et al. 2022

Symmetry

View full text Add to dashboard Cite

show abstract

“…Recently, several studies [ 6 , 7 , 8 , 9 , 10 , 11 ] were introduced to investigate the impact of AML techniques on ML-based IDSs. These works considered AML attack strategies, defense strategies, or both for the sake of robustness enhancement.…”

Section: Introductionmentioning

confidence: 99%

RobEns: Robust Ensemble Adversarial Machine Learning Framework for Securing IoT Traffic

Alkadi,

Al-Ahmadi,

Ben Ismail

2024

Sensors

View full text Add to dashboard Cite

Recently, Machine Learning (ML)-based solutions have been widely adopted to tackle the wide range of security challenges that have affected the progress of the Internet of Things (IoT) in various domains. Despite the reported promising results, the ML-based Intrusion Detection System (IDS) proved to be vulnerable to adversarial examples, which pose an increasing threat. In fact, attackers employ Adversarial Machine Learning (AML) to cause severe performance degradation and thereby evade detection systems. This promoted the need for reliable defense strategies to handle performance and ensure secure networks. This work introduces RobEns, a robust ensemble framework that aims at: (i) exploiting state-of-the-art ML-based models alongside ensemble models for IDSs in the IoT network; (ii) investigating the impact of evasion AML attacks against the provided models within a black-box scenario; and (iii) evaluating the robustness of the considered models after deploying relevant defense methods. In particular, four typical AML attacks are considered to investigate six ML-based IDSs using three benchmarking datasets. Moreover, multi-class classification scenarios are designed to assess the performance of each attack type. The experiments indicated a drastic drop in detection accuracy for some attempts. To harden the IDS even further, two defense mechanisms were derived from both data-based and model-based methods. Specifically, these methods relied on feature squeezing as well as adversarial training defense strategies. They yielded promising results, enhanced robustness, and maintained standard accuracy in the presence or absence of adversaries. The obtained results proved the efficiency of the proposed framework in robustifying IDS performance within the IoT context. In particular, the accuracy reached 100% for black-box attack scenarios while preserving the accuracy in the absence of attacks as well.

show abstract

“…However, the fixed data samples cannot be used to study a dynamic case. Meanwhile, adversarial attacks challenge the robustness of DL-based NIDS [11], and researchers need to perturb the behavior of network traffic. Therefore, each data sample needs an interface to be modified.…”

Section: Introductionmentioning

confidence: 99%

Learn-IDS: Bridging Gaps between Datasets and Learning-Based Network Intrusion Detection

Wang,

Yang,

Guo

et al. 2024

Electronics

View full text Add to dashboard Cite

In an era marked by the escalating architectural complexity of the Internet, network intrusion detection stands as a pivotal element in cybersecurity. This paper introduces Learn-IDS, an innovative framework crafted to bridge existing gaps between datasets and the training process within deep learning (DL) models for Network Intrusion Detection Systems (NIDS). To elevate conventional DL-based NIDS methods, which are frequently challenged by the evolving cyber threat landscape and exhibit limited generalizability across various environments, Learn-IDS works as a potent and adaptable platform and effectively tackles the challenges associated with datasets used in deep learning model training. Learn-IDS takes advantage of the raw data to address three challenges of existing published datasets, which are (1) the provided tabular format is not suitable for the diversity of DL models; (2) the fixed traffic instances are not suitable for the dynamic network scenarios; (3) the isolated published datasets cannot meet the cross-dataset requirement of DL-based NIDS studies. The data processing results illustrate that the proposed framework can correctly process and label the raw data with an average of 90% accuracy across three published datasets. To demonstrate how to use Learn-IDS for a DL-based NIDS study, we present two simple case studies. The case study on cross-dataset sampling function reports an average of 30.3% OOD accuracy improvement. The case study on data formatting function shows that introducing temporal information can enhance the detection accuracy by 4.1%.The experimental results illustrate that the proposed framework, through the synergistic fusion of datasets and DL models, not only enhances detection precision but also dynamically adapts to emerging threats within complex scenarios.

show abstract

TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack

Cited by 23 publications

References 27 publications

Adversarial Malicious Encrypted Traffic Detection Based on Refined Session Analysis

Adversarial Malicious Encrypted Traffic Detection Based on Refined Session Analysis

RobEns: Robust Ensemble Adversarial Machine Learning Framework for Securing IoT Traffic

Learn-IDS: Bridging Gaps between Datasets and Learning-Based Network Intrusion Detection

Contact Info

Product

Resources

About