PCAP-Backdoor: Backdoor Poisoning Generator for Network Traffic in CPS/IoT Environments
Ajesh Koyatan Chathoth, Stephen Lee

TL;DR
This paper presents PCAP-Backdoor, a novel method for poisoning network traffic datasets to embed backdoors in deep learning-based intrusion detection systems, demonstrating high effectiveness and detection difficulty in CPS/IoT environments.
Contribution
Introduction of PCAP-Backdoor, a new technique for backdoor poisoning in network traffic datasets, showing its effectiveness with minimal data poisoning and resistance to detection.
Findings
Effective backdoor poisoning with less than 1% dataset contamination.
Backdoored models misclassify malicious traffic when the trigger is present.
Existing defenses struggle to detect the introduced backdoor.
Abstract
The rapid expansion of connected devices has made them prime targets for cyberattacks. To address these threats, deep learning-based, data-driven intrusion detection systems (IDS) have emerged as powerful tools for detecting and mitigating such attacks. These IDSs analyze network traffic to identify unusual patterns and anomalies that may indicate potential security breaches. However, prior research has shown that deep learning models are vulnerable to backdoor attacks, where attackers inject triggers into the model to manipulate its behavior and cause misclassifications of network traffic. In this paper, we explore the susceptibility of deep learning-based IDS systems to backdoor attacks in the context of network traffic analysis. We introduce PCAP-Backdoor, a novel technique that facilitates backdoor poisoning attacks on PCAP datasets. Our experiments on real-world…
Taxonomy
Topics: Network Security and Intrusion Detection · Software-Defined Networks and 5G · Software System Performance and Reliability
