Explainability and Adversarial Robustness for RNNs

by Alexander Hartl, et al.

Recurrent Neural Networks (RNNs) offer attractive properties for constructing Intrusion Detection Systems (IDSs) for network data. With the rise of ubiquitous Machine Learning (ML) systems, malicious actors have been catching up quickly to find new ways to exploit ML vulnerabilities for profit. Recently developed adversarial ML techniques focus on computer vision, and their applicability to network traffic is not straightforward: network packets expose fewer features than an image, are sequential, and impose several constraints on their features. We show that, despite these completely different characteristics, adversarial samples can be generated reliably for RNNs. To understand a classifier's potential for misclassification, we extend existing explainability techniques and propose new ones that are particularly suitable for sequential data. Applying them shows that the first packets of a communication flow are already of crucial importance and are likely to be targeted by attackers. Feature importance methods show that even relatively unimportant features can be effectively abused to generate adversarial samples. Since traditional evaluation metrics such as accuracy are not sufficient for quantifying the adversarial threat, we propose the Adversarial Robustness Score (ARS) for comparing IDSs, capturing a common notion of adversarial robustness, and show that an adversarial training procedure can significantly and successfully reduce the attack surface.



GADoT: GAN-based Adversarial Training for Robust DDoS Attack Detection

Machine Learning (ML) has proven to be effective in many application dom...

SparseIDS: Learning Packet Sampling with Reinforcement Learning

Recurrent Neural Networks (RNNs) have been shown to be valuable for cons...

ASNM Datasets: A Collection of Network Traffic Features for Testing of Adversarial Classifiers and Network Intrusion Detectors

In this paper, we present three datasets that have been built from netwo...

Unveiling the potential of Graph Neural Networks for robust Intrusion Detection

The last few years have seen an increasing wave of attacks with serious ...

Generating Practical Adversarial Network Traffic Flows Using NIDSGAN

Network intrusion detection systems (NIDS) are an essential defense for ...

Are Existing Out-Of-Distribution Techniques Suitable for Network Intrusion Detection?

Machine learning (ML) has become increasingly popular in network intrusi...

Evaluations and Methods for Explanation through Robustness Analysis

Among multiple ways of interpreting a machine learning model, measuring ...
