A Deep Learning Approach to Create DNS Amplification Attacks

TL;DR

This paper demonstrates that adversarial learning algorithms from image and language processing can be used to generate malicious inputs that deceive DNS amplification detection systems, highlighting vulnerabilities in cybersecurity defenses.

Contribution

It applies Elastic-Net Attack and TextAttack algorithms to a DNS amplification classifier, revealing new vulnerabilities in network intrusion detection neural networks.

Findings

Both EAD and TextAttack successfully generate adversarial examples for DNS detection.

Adversarial inputs can cause misclassification of malicious traffic as legitimate.

The study highlights the need for more robust cybersecurity models against adversarial attacks.

Abstract

In recent years, deep learning has shown itself to be an incredibly valuable tool in cybersecurity as it helps network intrusion detection systems to classify attacks and detect new ones. Adversarial learning is the process of utilizing machine learning to generate a perturbed set of inputs to then feed to the neural network to misclassify it. Much of the current work in the field of adversarial learning has been conducted in image processing and natural language processing with a wide variety of algorithms. Two algorithms of interest are the Elastic-Net Attack on Deep Neural Networks and TextAttack. In our experiment the EAD and TextAttack algorithms are applied to a Domain Name System amplification classifier. The algorithms are used to generate malicious Distributed Denial of Service adversarial examples to then feed as inputs to the network intrusion detection systems neural network to classify as valid traffic. We show in this work that both image processing and natural language processing adversarial learning algorithms can be applied against a network intrusion detection neural network.