DL-based defense against polymorphic network attacks

Date

2024-01-01

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Network security is of vital importance in our world dominated by internet systems. These systems are vulnerable to large-scale rapidly evolving attacks by sophisticated cyber attackers who can have an upper edge over the defensive systems. Artificial Intelligence (AI) based intrusion detection systems provide effective defense mechanisms against cyber attacks. However, these techniques often rely on the same dataset for training and validation as well as evaluation of AI models. Current research [1] also confirms that such trained models can accurately identify known/typical network attacks but perform poorly when faced with continuously evolving atypical/polymorphic cyberattacks. Therefore, it is crucial to develop and train an AI-based Intrusion Detection System (IDS) that proactively learns to resist infiltration by such dynamically changing attacks. For this purpose, in this research work, we propose an AI-based IDS system that can monitor and detect polymorphic network attacks with high confidence levels. We propose a novel hybrid adversarial model that leverages the best characteristics of a Conditional Variational Autoencoder (CVAE) and a Generative Adversarial Network (GAN). Our system generates adversarial polymorphic attacks against the IDS to examine its performance and incrementally retrains it to strengthen its detection of new attacks, specifically for minority attack samples in the input data. The employed attack quality analysis ensures that the adversarial atypical/polymorphic attacks generated through our system resemble realistic network attacks. Our experiments showcase the exceptional performance of the proposed IDS by training it using the CICIDS2017 and CICIoT2023 benchmark datasets and evaluating its performance against several atypical/polymorphic attack flows. The results indicate that the proposed technique, through adaptive training, learns the pattern of dynamically changing atypical/polymorphic attacks and identifies such attacks with high IDS proficiency. Additionally, our IDS surpasses various state-of-the-art anomaly detection and class balancing techniques.

Description

Keywords

Attack quality, Atypical/polymorphic attacks, Deep learning, Feature profile, Intrusion Detection System

Citation