PANDA: Practical Adversarial Attack Against Network Intrusion Detection

Subrat Kumar Swain; Vireshwar Kumar; Guangdong Bai; Dan Dongseong Kim

doi:10.1109/DSN-S60304.2024.00017

PANDA: Practical Adversarial Attack Against Network Intrusion Detection

Subrat Kumar Swain
, Vireshwar Kumar
, Guangdong Bai
, Dan Dongseong Kim

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

2 Citations (Scopus)

Abstract

While adversarial machine learning (AML) attacks have become prevalent in the computer vision (CV) domain, their applications in other domains, such as network intrusion detection systems (NIDS), remain limited. This gap stems from the lack of a well-defined input space in non-image domains, hindering the generation of adversarial examples. Unlike CV problems, where the input space is the feature space, other domains generally lack a precise inverse mapping from the feature space to the problem space. In this work, we propose PANDA, a novel approach that bridges this gap and enables AML attacks against NIDS. PANDA represents a series of packets as images for training a surrogate NIDS model. Benefiting from the invertibility of this representation, PANDA leverages well-evolved image-based AML attacks to generate adversarial examples against the surrogate model. It then repurposes the adversarial examples from the surrogate model to evade the target NIDS model. We demonstrate the effectiveness of PANDA by successfully crafting adversarial network intrusions with the UQ-IoT dataset. This work establishes a framework for transferring AML attacks from the CV domain to the network domain, opening new avenues for attack modelling and defence strategies in NIDS. © 2024 IEEE.

Original language	English
Title of host publication	Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024
Place of Publication	Los Alamitos, Calif.
Publisher	IEEE
Pages	28-32
Number of pages	5
ISBN (Electronic)	9798350395709
ISBN (Print)	9798350395716
DOIs	https://doi.org/10.1109/DSN-S60304.2024.00017
Publication status	Published - 2024
Externally published	Yes
Event	54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S 2024) - Brisbane, Australia Duration: 24 Jun 2024 → 27 Jun 2024

Publication series

Name	Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S
ISSN (Print)	2833-2903
ISSN (Electronic)	2833-292X

Conference

Conference	54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S 2024)
Place	Australia
City	Brisbane
Period	24/06/24 → 27/06/24

Funding

This work was supported by the Ministry of Electronics and Information Technology (MeitY), Government of India.

Research Keywords

Adversarial Attacks
Network Security
NIDS
Robustness

Access Output

10.1109/DSN-S60304.2024.00017

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Swain, S. K., Kumar, V., Bai, G., & Kim, D. D. (2024). PANDA: Practical Adversarial Attack Against Network Intrusion Detection. In Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024 (pp. 28-32). (Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S). IEEE. https://doi.org/10.1109/DSN-S60304.2024.00017

Swain, Subrat Kumar ; Kumar, Vireshwar ; Bai, Guangdong et al. / PANDA : Practical Adversarial Attack Against Network Intrusion Detection. Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024. Los Alamitos, Calif. : IEEE, 2024. pp. 28-32 (Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S).

@inproceedings{de8f68b0a5b14b2c8051d9e57de747dd,

title = "PANDA: Practical Adversarial Attack Against Network Intrusion Detection",

abstract = "While adversarial machine learning (AML) attacks have become prevalent in the computer vision (CV) domain, their applications in other domains, such as network intrusion detection systems (NIDS), remain limited. This gap stems from the lack of a well-defined input space in non-image domains, hindering the generation of adversarial examples. Unlike CV problems, where the input space is the feature space, other domains generally lack a precise inverse mapping from the feature space to the problem space. In this work, we propose PANDA, a novel approach that bridges this gap and enables AML attacks against NIDS. PANDA represents a series of packets as images for training a surrogate NIDS model. Benefiting from the invertibility of this representation, PANDA leverages well-evolved image-based AML attacks to generate adversarial examples against the surrogate model. It then repurposes the adversarial examples from the surrogate model to evade the target NIDS model. We demonstrate the effectiveness of PANDA by successfully crafting adversarial network intrusions with the UQ-IoT dataset. This work establishes a framework for transferring AML attacks from the CV domain to the network domain, opening new avenues for attack modelling and defence strategies in NIDS. {\textcopyright} 2024 IEEE.",

keywords = "Adversarial Attacks, Network Security, NIDS, Robustness",

author = "Swain, \{Subrat Kumar\} and Vireshwar Kumar and Guangdong Bai and Kim, \{Dan Dongseong\}",

year = "2024",

doi = "10.1109/DSN-S60304.2024.00017",

language = "English",

isbn = "9798350395716",

series = "Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S",

publisher = "IEEE",

pages = "28--32",

booktitle = "Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024",

address = "United States",

note = "54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S 2024) ; Conference date: 24-06-2024 Through 27-06-2024",

}

Swain, SK, Kumar, V, Bai, G & Kim, DD 2024, PANDA: Practical Adversarial Attack Against Network Intrusion Detection. in Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024. Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S, IEEE, Los Alamitos, Calif., pp. 28-32, 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S 2024), Brisbane, Queensland, Australia, 24/06/24. https://doi.org/10.1109/DSN-S60304.2024.00017

PANDA: Practical Adversarial Attack Against Network Intrusion Detection. / Swain, Subrat Kumar; Kumar, Vireshwar; Bai, Guangdong et al.
Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024. Los Alamitos, Calif.: IEEE, 2024. p. 28-32 (Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - PANDA

T2 - 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S 2024)

AU - Swain, Subrat Kumar

AU - Kumar, Vireshwar

AU - Bai, Guangdong

AU - Kim, Dan Dongseong

PY - 2024

Y1 - 2024

N2 - While adversarial machine learning (AML) attacks have become prevalent in the computer vision (CV) domain, their applications in other domains, such as network intrusion detection systems (NIDS), remain limited. This gap stems from the lack of a well-defined input space in non-image domains, hindering the generation of adversarial examples. Unlike CV problems, where the input space is the feature space, other domains generally lack a precise inverse mapping from the feature space to the problem space. In this work, we propose PANDA, a novel approach that bridges this gap and enables AML attacks against NIDS. PANDA represents a series of packets as images for training a surrogate NIDS model. Benefiting from the invertibility of this representation, PANDA leverages well-evolved image-based AML attacks to generate adversarial examples against the surrogate model. It then repurposes the adversarial examples from the surrogate model to evade the target NIDS model. We demonstrate the effectiveness of PANDA by successfully crafting adversarial network intrusions with the UQ-IoT dataset. This work establishes a framework for transferring AML attacks from the CV domain to the network domain, opening new avenues for attack modelling and defence strategies in NIDS. © 2024 IEEE.

AB - While adversarial machine learning (AML) attacks have become prevalent in the computer vision (CV) domain, their applications in other domains, such as network intrusion detection systems (NIDS), remain limited. This gap stems from the lack of a well-defined input space in non-image domains, hindering the generation of adversarial examples. Unlike CV problems, where the input space is the feature space, other domains generally lack a precise inverse mapping from the feature space to the problem space. In this work, we propose PANDA, a novel approach that bridges this gap and enables AML attacks against NIDS. PANDA represents a series of packets as images for training a surrogate NIDS model. Benefiting from the invertibility of this representation, PANDA leverages well-evolved image-based AML attacks to generate adversarial examples against the surrogate model. It then repurposes the adversarial examples from the surrogate model to evade the target NIDS model. We demonstrate the effectiveness of PANDA by successfully crafting adversarial network intrusions with the UQ-IoT dataset. This work establishes a framework for transferring AML attacks from the CV domain to the network domain, opening new avenues for attack modelling and defence strategies in NIDS. © 2024 IEEE.

KW - Adversarial Attacks

KW - Network Security

KW - NIDS

KW - Robustness

UR - https://www.scopus.com/pages/publications/85203826333

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85203826333&origin=recordpage

U2 - 10.1109/DSN-S60304.2024.00017

DO - 10.1109/DSN-S60304.2024.00017

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9798350395716

T3 - Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S

SP - 28

EP - 32

BT - Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024

PB - IEEE

CY - Los Alamitos, Calif.

Y2 - 24 June 2024 through 27 June 2024

ER -

Swain SK, Kumar V, Bai G, Kim DD. PANDA: Practical Adversarial Attack Against Network Intrusion Detection. In Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024. Los Alamitos, Calif.: IEEE. 2024. p. 28-32. (Proceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S). Epub 2024 Aug 29. doi: 10.1109/DSN-S60304.2024.00017

PANDA: Practical Adversarial Attack Against Network Intrusion Detection

Abstract

Publication series

Conference

Funding

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this