Adaptative Perturbation Patterns: Realistic Adversarial Learning for Robust Intrusion Detection
Jo\~ao Vitorino, Nuno Oliveira, Isabel Pra\c{c}a
TL;DR
This paper introduces the Adaptative Perturbation Pattern Method (A2PM), a novel approach for generating realistic adversarial examples in cybersecurity, enhancing the robustness of intrusion detection systems against evasion attacks.
Contribution
The paper proposes A2PM, a new method that creates realistic adversarial examples by adapting perturbation patterns to class characteristics in a gray-box setting, addressing realism constraints.
Findings
A2PM generates scalable, realistic adversarial examples.
A2PM improves adversarial training effectiveness.
Adversarial examples successfully evade classifiers in case studies.
Abstract
Adversarial attacks pose a major threat to machine learning and to the systems that rely on it. In the cybersecurity domain, adversarial cyber-attack examples capable of evading detection are especially concerning. Nonetheless, an example generated for a domain with tabular data must be realistic within that domain. This work establishes the fundamental constraint levels required to achieve realism and introduces the Adaptative Perturbation Pattern Method (A2PM) to fulfill these constraints in a gray-box setting. A2PM relies on pattern sequences that are independently adapted to the characteristics of each class to create valid and coherent data perturbations. The proposed method was evaluated in a cybersecurity case study with two scenarios: Enterprise and Internet of Things (IoT) networks. Multilayer Perceptron (MLP) and Random Forest (RF) classifiers were created with regular and…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.