DIGFuPAS: Deceive IDS with GAN and function-preserving on adversarial samples in SDN-enabled networks

Abstract

Showing a great potential in various domains, machine learning techniques are more and more used in the task of malicious network traffic detection to significantly enhance the ability of intrusion detection system (IDS). When associating with Software-Defined Networks (SDN), the deployment of IDSs can leverage the centralized control plane in SDN to support for large-scale network monitoring. However, machine learning-based IDSs themselves can be attacked and tricked by adversarial examples with additional perturbation from the original ones. It is vital to provide supplementary unknown traffic to evaluate and improve the resilience of IDS against variants of cyberattacks. Thus, this work explores the method of generating adversarial attack samples by Generative Adversarial Model (GAN) to deceive IDS. We propose DIGFuPAS, a framework can create attack samples which can bypass machine learning-based IDSs in SDN with the black-box manner. In this framework, instead of Vanilla GAN, we use Wassertein GAN (WGAN) to improve the ability of GAN convergence training. In addition, the strategy of preserving functional features of attack traffic is applied to maintain the operational aspect of adversarial attacks. Through our implementation and experiments on NSL-KDD and CICIDS2018 dataset, the decreased detection rate of black-box IDSs on adversarial attacks demonstrates that our proposed framework can make IDSs in SDN-enabled networks misclassify on GAN-based synthetic attacks. Also, we utilize DIGFuPAS as a tool for evaluating and improving the robustness of IDS by repetitively retraining classifiers from crafted network traffic flow.