Abstract

Machine Learning and Deep Learning based Network Intrusion Detection Systems (NIDS) serve as the backbone for protecting computer networks against various cyber security threats. However, their susceptibility to adversarial attacks is the biggest challenge facing security administrators. In adversarial machine learning, the attacker crafts adversarial examples by adding small perturbations (tiny noise) to benign and legitimate network traffic data. These adversarial examples can easily deceive a machine learning-based NIDS into producing an incorrect classification, and so evade intrusion detection. This necessitates a robust NIDS that can detect and mitigate adversarial attacks immediately. In this research, we propose a two-phase defence method against the most powerful optimization-based adversarial attack, Carlini & Wagner (C&W). The two defence phases are the training phase and the testing phase. In the training phase, we use modified adversarial training with Gaussian Data Augmentation (GDA). In the testing phase, we apply the Feature Squeezing (FS) method to the generated adversarial list before passing it to the robust NIDS model for final classification. The latest CIC-DDoS-2019 dataset is used to evaluate the proposed two-phase defence method effectively in terms of classification reports and confusion metrics. This research provides a comprehensive perspective on adversarial machine learning, its broad classification, and its defence approaches. The potential of the proposed research is not limited to computer security; it can also be adopted in other research domains, such as video analytics and surveillance systems.
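The two defence phases described above, sketched as an added example that is not the authors' code. It assumes min-max-scaled features, bit-depth reduction as the squeezer, and a nearest-centroid stand-in for the NIDS model; the sample flows, the parameter values and every function name are constructed for illustration.

```python
import random

def gaussian_augment(X, y, sigma=0.05, copies=2, seed=7):
    """Training phase: add noisy copies of every row (same label), clipped to [0, 1]."""
    rng = random.Random(seed)
    X_aug, y_aug = [list(r) for r in X], list(y)
    for _ in range(copies):
        for row, label in zip(X, y):
            X_aug.append([min(1.0, max(0.0, v + rng.gauss(0.0, sigma))) for v in row])
            y_aug.append(label)
    return X_aug, y_aug

def feature_squeeze(X, bit_depth=3):
    """Testing phase: quantise each [0, 1]-scaled feature to 2**bit_depth levels."""
    levels = 2 ** bit_depth - 1
    return [[round(v * levels) / levels for v in row] for row in X]

def fit_centroids(X, y):
    """Stand-in model (assumption): one mean feature vector per class."""
    cents = {}
    for label in set(y):
        rows = [r for r, l in zip(X, y) if l == label]
        cents[label] = [sum(col) / len(rows) for col in zip(*rows)]
    return cents

def predict(cents, X):
    """Assign each row to the class whose centroid is closest."""
    def dist(a, b):
        return sum((p - q) ** 2 for p, q in zip(a, b))
    return [min(cents, key=lambda c: dist(cents[c], row)) for row in X]

# Constructed, min-max-scaled flow features; label 0 = benign, 1 = DDoS.
X_TRAIN = [[0.20, 0.80], [0.25, 0.75], [0.15, 0.85],
           [0.85, 0.15], [0.90, 0.10], [0.80, 0.20]]
Y_TRAIN = [0, 0, 0, 1, 1, 1]
CLEAN = [0.86, 0.14]      # constructed attack flow
PERTURBED = [0.83, 0.17]  # same flow with a small constructed perturbation (not C&W output)

def run_pipeline():
    X_aug, y_aug = gaussian_augment(X_TRAIN, Y_TRAIN)  # phase 1: GDA training set
    model = fit_centroids(X_aug, y_aug)
    squeezed = feature_squeeze([CLEAN, PERTURBED])     # phase 2: squeeze, then classify
    return len(X_aug), squeezed, predict(model, squeezed)

if __name__ == "__main__":
    print(run_pipeline())
```

Squeezing maps the clean and the perturbed flow onto the same quantisation grid point, so the model sees identical inputs; a perturbation large enough to cross a grid boundary would not be absorbed this way.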
