Research on Adversarial Machine Learning-Based Network Intrusion Detection Method

doi:10.3969/j.issn.1671-1122.2023.08.006

Abstract

Abstract:

The diversity of attack categories and uneven distribution of numbers in network attack data result in the weak generalization ability of existing machine-learning algorithm-based network intrusion detection models for some types of attacks, and the vulnerability of deep learning models to adversarial examples leads to many constraints on the application of deep learning models in network intrusion detection. In this paper, we first proposed a random subspace-based intrusion detection model named BAVE-ELM (Bat Algorithm Voting Ensemble Extreme Learning Machines), which better balanced the generalization ability and false alarm rate of the model. Then, by using BAVE-ELM as a kind of base classifier, an adaptive ensemble-based network intrusion detection model named EA-NIDS (Ensemble Adaptive Network Intrusion Detection System) was proposed, which could significantly enhance the generalization ability of the detection model against various attacks. Finally, we proposed an adversarial machine learning-based network intrusion detection method, which significantly improved the robustness of the model by introducing adversarial training in EA-NIDS. The experimental results indicate that the proposed method can enhance the detection performance and generalization of network intrusion detection effectively, and the robustness of machine learning-based network intrusion detection models against adversarial attacks can be significantly improved without affecting its detection accuracy.

Key words: network intrusion detection, adversarial examples, adaptive ensemble

CLC Number:

TP309

SHEN Hua, TIAN Chen, GUO Sensen, MU Zhiying. Research on Adversarial Machine Learning-Based Network Intrusion Detection Method[J]. Netinfo Security, 2023, 23(8): 66-75.

Figures/Tables 13

References 22

[1]	IMRAN M, HAIDER N, SHOAIB M, et al. An Intelligent and Efficient Network Intrusion Detection System Using Deep Learning[J]. Computers and Electrical Engineering, 2022, 99: 764-772.
[2]	DIXIT P, SILAKARI S. Deep Learning Algorithms for Cybersecurity Applications: A Technological and Status Review[J]. Computer Science Review, 2021, 39: 317-328.
[3]	SARANYA T, SRIDEVI S, DEISY C, et al. Performance Analysis of Machine Learning Algorithms in Intrusion Detection System: A Review[J]. Procedia Computer Science, 2020, 171: 1251-1260. doi: 10.1016/j.procs.2020.04.133 URL
[4]	INJADAT M N, MOUBAYED A, NASSIF A B, et al. Machine Learning Towards Intelligent Systems: Applications, Challenges, and Opportunities[J]. Artificial Intelligence Review, 2021, 54: 3299-3348. doi: 10.1007/s10462-020-09948-w
[5]	FARNAAZ N, JABBAR M. Random Forest Modeling for Network Intrusion Detection System[J]. Procedia Computer Science, 2016, 89: 213-217. doi: 10.1016/j.procs.2016.06.047 URL
[6]	JIANG Hui, HE Zheng, YE Gang, et al. Network Intrusion Detection Based on PSO-XGBoost Model[J]. IEEE Access, 2020, 8: 58392-58401. doi: 10.1109/Access.6287639 URL
[7]	WISANWANICHTHAN T, THAMMAWICHAI M. A Double-Layered Hybrid Approach for Network Intrusion Detection System Using Combined Naive Bayes and SVM[J]. IEEE Access, 2021, 9: 138432-138450. doi: 10.1109/ACCESS.2021.3118573 URL
[8]	YANG Junzheng, LIU Feng, ZHAO YuanJie, et al. An Ensemble Learning Based Non-Intrusive Network Security Risk Assessment Prediction Model[C]//IEEE. 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC). New York: IEEE, 2022: 17-23.
[9]	RING M, WUNDERLICH S, SCHEURING D, et al. A Survey of Network-Based Intrusion Detection Data Sets[J]. Computers & Security, 2019, 86: 147-167. doi: 10.1016/j.cose.2019.06.005 URL
[10]	VOROBEYCHIK Y, KANTARCIOGLU M. Adversarial Machine Learning[J]. Synthesis Lectures on Artificial Intelligence and Machine Learning, 2018, 12(3): 160-169.
[11]	SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing Properties of Neural Networks[C]//ICLR. The 2nd International Conference on Learning Representations. New York: ICLR, 2014: 189-201.
[12]	GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and Harnessing Adversarial Examples[C]//ICLR. The 3rd International Conference on Learning Representations. New York: ICLR, 2015: 371-384.
[13]	CARLINI N, WAGNER D. Towards Evaluating the Robustness of Neural Networks[C]//IEEE. 2017 IEEE Symposium on Security and Privacy (SP). New York: IEEE, 2017: 39-57.
[14]	MOOSAVI-DEZFOOLI S M, FAWZI A, FROSSARD P. Deepfool:A Simple and Accurate Method to Fool Deep Neural Networks[C]//IEEE. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. New York: IEEE, 2016: 2574-2582.
[15]	DONG Yingpeng, LIAO Fangzhou, PANG Tianyu, et al. Boosting Adversarial Attacks with Momentum[C]//IEEE. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. New York: IEEE, 2018: 9185-9193.
[16]	MARDRY A, MAKELOV A, SCHMIDT L, et al. Towards Deep Learning Models Resistant to Adversarial Attacks[C]// ICLR. The 6th International Conference on Learning Representations. New York: ICLR, 2018: 211-220.
[17]	MOGHADDASI S S, FARAJI N. A Hybrid Algorithm Based on Particle Filter and Genetic Algorithm for Target Tracking[J]. Expert Systems with Applications, 2020, 147: 188-199.
[18]	LIU Feng, WANG Hanyang, Zhang Jiaohao, et al. EvoGAN: An Evolutionary Computation Assisted GAN[J]. Neurocomputing, 2022, 469: 81-90. doi: 10.1016/j.neucom.2021.10.060 URL
[19]	FERRAG M A, MAGLARAS L, MOSCHOYIANNIS S, et al. Deep Learning for Cyber Security Intrusion Detection: Approaches, Datasets, and Comparative Study[J]. Journal of Information Security and Applications, 2020, 50: 419-430.
[20]	LATAH M, TOKER L. An Efficient Flow-Based Multi-Level Hybrid Intrusion Detection System for Software-Defined Networks[J]. CCF Transactions on Networking, 2020, 3(3-4): 261-271. doi: 10.1007/s42045-020-00040-z
[21]	WU Kehe, CHEN Zuge, LI Wei. A Novel Intrusion Detection Model for a Massive Network Using Convolutional Neural Networks[J]. IEEE Access, 2018, 6: 50850-50859. doi: 10.1109/ACCESS.2018.2868993 URL
[22]	AMBUSAIDI MA, HE XiangJian, NANDA P, et al. Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm[J]. IEEE Transactions on Computers, 2016, 65(10): 2986-2998. doi: 10.1109/TC.2016.2519914 URL

数据集	NSL-KDD				CIC-IDS2017
指标	Acc	FPR	DR	Cost	Acc	FPR	DR	Cost
ELM	90.13 %	1.53 %	90.47 %	15.31 %	83.32 %	3.961 %	83.09 %	10.89 %
VELM	94.27 %	1.59 %	93.94 %	3.56 %	88.11 %	1.72 %	88.93 %	4.26 %
BAVE-ELM	95.54 %	0.84 %	94.08 %	2.39 %	89.15 %	1.03 %	89.74 %	2.92 %

算法	Acc	FPR	DR	Cost	Time
决策树	87.92 %	1.96 %	87.35 %	4.04 %	45.82 %
随机森林	88.48 %	2.32 %	89.52 %	4.82 %	53.43 %
KNN	86.36 %	3.04 %	86.84 %	5.94 %	92.61 %
支持向量机	81.29 %	3.84 %	83.07 %	10.62 %	2006.31 %
Adaboost	83.47 %	6.93 %	81.49 %	8.72 %	559.47 %
LR	78.36 %	2.59 %	80.04 %	6.82 %	76.88 %
DNN	89.36 %	0.81 %	88.17 %	2.04 %	316.14 %
BAVE-ELM	89.15 %	1.03 %	89.74 %	2.92 %	150.68 %

数据集	NSL-KDD				CIC-IDS2017
指标	Acc	FPR	DR	Cost	Acc	FPR	DR	Cost
EA-NIDS	96.84 %	0.39 %	96.83 %	1.31 %	92.67 %	1.64 %	93.07 %	2.85 %
BAVE-ELM	95.54 %	0.84 %	94.08 %	2.39 %	89.15 %	1.93 %	89.74 %	3.92 %
ELM-KNN^[20]	90.37 %	2.91 %	88.43 %	8.47 %	84.33 %	4.63 %	85.54 %	13.51 %
CNN^[21]	89.18 %	2.88 %	89.76 %	8.97 %	81.48 %	3.21 %	80.72 %	11.29 %
LSSVMIDS^[22]	83.69 %	4.36 %	81.31 %	20.35 %	74.08 %	4.84 %	75.97 %	17.14 %
NB Tree^[19]	78.04 %	10.09 %	79.47 %	40.09 %	65.14 %	9.06 %	67.88 %	35.82 %

算法	BENIGN	DoS	Brute Force SSH	Botnet
决策树	96.51 %	88.43 %	5.96 %	1.91 %
随机森林	95.17 %	86.86 %	2.82 %	2.93 %
KNN	96.49 %	87.18 %	20.58 %	6.72 %
支持向量机	96.06 %	79.37 %	13.72 %	1.86 %
Adaboost	93.68 %	80.64 %	3.94 %	3.04 %
BAVE-ELM	97.06 %	87.69 %	50.6 %	46.87 %
LR	90.48 %	79.91 %	2.06 %	1.48 %
DNN	93.92 %	87.35 %	32.75 %	9.07 %
EA-NIDS	96.36 %	87.04 %	60.93 %	63.42 %