Abstract
As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defensive approaches are no longer sufficient to detect both known and unknown attacks with high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates the robustness of both traditional machine learning and deep learning models using the Bot-IoT dataset. Our methodology included two main approaches. The first is label poisoning, used to cause incorrect classification by the model. The second is the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.
Highlights
The internet is increasingly being populated with new devices and emerging technologies, which increases the attack surface, allowing cybercriminals to gain control of improperly secured devices.
Machine learning-based Intrusion Detection Systems (IDS) are vulnerable to adversarial attacks, in which the intent is to cause incorrect data classification so adversaries can avoid detection.
Our work aims to provide a deeper understanding of adversarial machine learning methods and how they can bypass machine learning-based IDS.
Summary
The internet is increasingly being populated with new devices and emerging technologies, which increases the attack surface, allowing cybercriminals to gain control of improperly secured devices. The first approach is to detect an attack by setting up alert triggers, for example, once a threshold is exceeded. Such a detection strategy informs the administrators that an attack is occurring but does not prevent it. The final approach is to block an attack, which entails putting protections in place in retrospect of the attack, preventing or detecting the attack when it occurs. In the latter two approaches, the IDS is configured as an Intrusion Prevention System (IPS) [5].