Abstract
Recently, machine learning-based wireless intrusion detection systems (IDSs) have been demonstrated to have high detection accuracy in malicious traffic detection. However, many researchers argue that a variety of attacks are significantly challenging the security of machine learning techniques themselves. In this paper, we study two different types of security threats which can effectively degrade the performance of machine learning based wireless IDSs. First, we propose an Adaptive SMOTE (A-SMOTE) algorithm which can adaptively generate new training data points based on few existing ones with labels. Then, we introduce a stealing model attack by training a substitute model using deep neural networks (DNNs) based on the augmented training data in order to imitate the machine learning model embedded in targeted systems. After that, we present a novel poisoning strategy to attack against the substitute machine learning model, resulting in a set of adversarial samples that can be used to degrade the performance of targeted systems. Experiments on three real data sets collected from wired and wireless networks have demonstrated that the proposed stealing model and poisoning attacks can effectively degrade the performance of IDSs using different machine learning algorithms.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Tsai, C.F., Hsu, Y.F., Lin, C.Y., Lin, W.Y.: Intrusion detection by machine learning: a review. Expert Syst. Appl. Int. J. 36(10), 11994–12000 (2009). https://doi.org/10.1016/j.eswa.2009.05.029
Kloft, M., Laskov, P.: Online anomaly detection under adversarial impact. In: Proceedings of the AISTATS 2010, pp. 405–412 (2010)
Liu, Q., Li, P., Zhao, W., Cai, W., Yu, S., Leung, V.C.M.: A survey on security threats and defensive techniques of machine learning: a data driven view. IEEE Access 6, 12103–12117 (2018). https://doi.org/10.1109/ACCESS.2018.2805680
Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: Proceedings of the ASIACCS 2006, pp. 16–25. ACM (2006). https://doi.org/10.1145/1128817.1128824
Zhao, M., An, B., Gao, W., Zhang, T.: Efficient label contamination attacks against black-box learning models. In: Proceedings of the IJCAI 2017, pp. 3945–3951 (2017). https://doi.org/10.24963/ijcai.2017/551
Wittel, G.L., Wu, S.F.: On attacking statistical spam filters. In: Proceedings of the CEAS 2004 (2004). http://www.ceas.cc/papers-2004/170.pdf
Hu, W., Tan, Y.: Generating adversarial malware examples for black-box attacks based on GAN (2017). https://arxiv.org/abs/1702.05983
Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs, pp. 601–618 (2016)
Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: Proceedings of the Symposium on Security and Privacy 2017, pp. 3–18 (2017). https://doi.org/10.1109/SP.2017.41
Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: Proceedings of the ICML 2012, pp. 1467–1474 (2012)
Biggio, B., Fumera, G., Roli, F., Didaci, L.: Poisoning adaptive biometric systems. In: Gimel’farb, G., et al. (eds.) SSPR/SPR 2012. LNCS, vol. 7626, pp. 417–425. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34166-3_46
Li, P., Liu, Q., Zhao, W., Wang, D., Wang, S.: BEBP: an poisoning method against machine learning based IDSs (2018). https://arxiv.org/abs/1803.03965
Rubinstein, B.I., Nelson, B., Huang, L., Joseph, A.D., Lau, S., Rao, S., Taft, N., Tygar, J.D.: Antidote: understanding and defending against poisoning of anomaly detectors. In: Proceedings of the IMC 2009, pp. 1–14. ACM, New York (2009). https://doi.org/10.1145/1644893.1644895
Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: Smote: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16(1), 321–357 (2002). https://doi.org/10.1613/jair.953
Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D., Nakao, K.: Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDs evaluation. In: Proceedings of the BADGERS 2011, pp. 29–36. ACM, New York (2011). https://doi.org/10.1145/1978672.1978676
Almomani, I., Al-Kasasbeh, B., Al-Akhras, M.: WSN-DS: a dataset for intrusion detection systems in wireless sensor networks. J. Sens. 2016(2), 1–16 (2016). https://doi.org/10.1155/2016/4731953
Ambusaidi, M.A., He, X., Nanda, P., Tan, Z.: Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans. Comput. 65(10), 2986–2998 (2016). https://doi.org/10.1109/TrustCom.2014.15
Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against machine learning. In: Proceedings of the ASIACCS 2017, pp. 506–519. ACM, New York (2017). https://doi.org/10.1145/3052973.3053009
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Li, P., Zhao, W., Liu, Q., Liu, X., Yu, L. (2018). Poisoning Machine Learning Based Wireless IDSs via Stealing Learning Model. In: Chellappan, S., Cheng, W., Li, W. (eds) Wireless Algorithms, Systems, and Applications. WASA 2018. Lecture Notes in Computer Science(), vol 10874. Springer, Cham. https://doi.org/10.1007/978-3-319-94268-1_22
Download citation
DOI: https://doi.org/10.1007/978-3-319-94268-1_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94267-4
Online ISBN: 978-3-319-94268-1
eBook Packages: Computer ScienceComputer Science (R0)