A network security classifier defense: against adversarial machine learning attacks

The discovery of practical adversarial machine learning (AML) attacks against machine learning-based wired and wireless network security detectors has driven the necessity of a defense. Without a defense mechanism against AML, attacks in wired and wireless networks will go unnoticed by network security classifiers, resulting in their ineffectiveness. Therefore, it is essential to motivate a defense against AML attacks for network security classifiers. Existing AML defenses are generally within the context of image recognition. However, these AML defenses have limited transferability to a network security context. Unlike image recognition, a subject matter expert generally derives the features of a network security classifier. Therefore, a network security classifier requires a distinctive strategy for defense. We propose a novel defense-in-depth approach for network security classifiers using a hierarchical ensemble of classifiers, each using a disparate feature set. Subsequently, we show the effective use of our hierarchical ensemble to defend an existing network security classifier against an AML attack. Additionally, we discover a novel set of features to detect network scanning activity. Lastly, we propose to enhance our AML defense approach in future work. A shortcoming of our approach is the increased cost to the defender for implementation of each independent classifier. Therefore, we propose combining our AML defense with a moving target defense approach. Additionally, we propose to evaluate our AML defense with a variety of datasets and classifiers, and to evaluate the effectiveness of decomposing a classifier with many features into multiple classifiers, each with a small subset of the features.
