Rallying Adversarial Techniques against Deep Learning for Network Security
Joseph Clements, Yuzhe Yang, Ankur A. Sharma, Hongxin Hu, Yingjie Lao
Abstract
Recent advances in artificial intelligence and the increasing need for robust defensive measures in network security have led to the adoption of deep learning approaches for network intrusion detection systems (NIDS). These methods have achieved superior performance against conventional network attacks, enabling unique and dynamic security systems in realworld applications. Adversarial machine learning, unfortunately, has recently shown that deep learning models are inherently vulnerable to adversarial modifications on their input data. In this work, we explore the potential of adversarial entities to compromise such vulnerabilities to compromise deep learning-based NIDS systems. Specifically, we show that by modifying on average as little as 1.38 of an observed packet's input features, an adversary can generate malicious inputs that effectively fool a target deep learning-based NIDS. Therefore, it is crucial to consider the performance from the conventional network security perspective and the adversarial machine learning domain when designing such systems.