Hardening Random Forest Cyber Detectors Against Adversarial Attacks
Giovanni Apruzzese, Mauro Andreolini, Michele Colajanni, Mirco Marchetti

TL;DR
This paper introduces a novel defense method for random forest-based intrusion detection systems that effectively counters adversarial attacks and maintains high performance in both attacked and normal scenarios.
Contribution
The paper proposes an original methodology to defend random forest cyber detectors against adversarial perturbations, improving robustness without sacrificing performance.
Findings
Outperforms state-of-the-art detectors under adversarial attacks
Maintains robust detection in non-adversarial scenarios
Effective on large-scale network traffic data
Abstract
Machine learning algorithms are effective in several applications, but they are not as successful when applied to intrusion detection in cyber security. Due to the high sensitivity to their training data, cyber detectors based on machine learning are vulnerable to targeted adversarial attacks that involve the perturbation of initial samples. Existing defenses assume unrealistic scenarios; their results are underwhelming in non-adversarial settings; or they can be applied only to machine learning algorithms that perform poorly for cyber security. We present an original methodology for countering adversarial perturbations targeting intrusion detection systems based on random forests. As a practical application, we integrate the proposed defense method in a cyber detector analyzing network traffic. The experimental results on millions of labelled network flows show that the new…
