A Poisoning Attack on Intrusion Detection System Based on SVM
QIAN Ya-guan1, LU Hong-bo1, JI Shou-ling2, ZHOU Wu-jie3, WU Shu-hui1, LEI Jing-sheng1, TAO Xiang-xing1
1. School of Science & Big Data Science, Zhejiang University of Science and Technology, Hangzhou, Zhejiang 310023, China;
2. College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310058, China;
3. School of Information and Electronic Engineering, Zhejiang University of Science and Technology, Hangzhou, Zhejiang 310023, China
Abstract: Machine learning is widely applied in various intelligent devices, including intrusion detection systems (IDS). We propose a novel approach, a poisoning attack on IDS based on SVM. The attack degrades the detection rate of the IDS by misleading the SVM learning process with a poisoned training data set. We model the poisoning attack as an optimization problem and solve it numerically to obtain the poisoned data set. Finally, NSL-KDD data including several real attacks is used in our experiments, and two measures, precision and recall, are used to evaluate the effectiveness. The results show that the poisoning attack approach can significantly degrade IDS performance. This study may help further the understanding of possible new attacks on machine learning and provide a basis for subsequent study of the corresponding defense methods.
QIAN Ya-guan, LU Hong-bo, JI Shou-ling, ZHOU Wu-jie, WU Shu-hui, LEI Jing-sheng, TAO Xiang-xing. A Poisoning Attack on Intrusion Detection System Based on SVM[J]. Acta Electronica Sinica, 2019, 47(1): 59-65.