Adversarial Explainability: Utilizing Explainable Machine Learning in Bypassing IoT Botnet Detection Systems

TL;DR

This paper presents a novel adversarial attack leveraging explainable AI to evade IoT botnet detection systems, demonstrating that minimal feature alterations can completely bypass detection in blackbox scenarios.

Contribution

It introduces a new attack method that uses explainability to craft adversarial samples capable of evading IoT botnet detection systems.

Findings

Achieved 0% detection rate with adversarial samples

Altered only one feature to bypass detection

Effective in blackbox setting

Abstract

Botnet detection based on machine learning have witnessed significant leaps in recent years, with the availability of large and reliable datasets that are extracted from real-life scenarios. Consequently, adversarial attacks on machine learning-based cybersecurity systems are posing a significant threat to the practicality of these solutions. In this paper, we introduce a novel attack that utilizes machine learning model's explainability in evading detection by botnet detection systems. The proposed attack utilizes information obtained from model's explainability to build adversarial samples that can evade detection in a blackbox setting. The proposed attack was tested on a trained IoT botnet detection systems and was capable of bypassing the botnet detection with 0% detection by altering one feature only to generate the adversarial samples.