| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 3.62 MB | Adobe PDF |
Authors
Vitorino, João
Oliveira, Nuno
Praça, Isabel
Advisor(s)
Abstract(s)
Adversarial attacks pose a major threat to machine learning and to the
systems that rely on it. In the cybersecurity domain, adversarial cyber-attack
examples capable of evading detection are especially concerning. Nonetheless,
an example generated for a domain with tabular data must be realistic within
that domain. This work establishes the fundamental constraint levels required
to achieve realism and introduces the Adaptative Perturbation Pattern Method
(A2PM) to fulfill these constraints in a gray-box setting. A2PM relies on
pattern sequences that are independently adapted to the characteristics of each
class to create valid and coherent data perturbations. The proposed method was
evaluated in a cybersecurity case study with two scenarios: Enterprise and
Internet of Things (IoT) networks. Multilayer Perceptron (MLP) and Random
Forest (RF) classifiers were created with regular and adversarial training,
using the CIC-IDS2017 and IoT-23 datasets. In each scenario, targeted and
untargeted attacks were performed against the classifiers, and the generated
examples were compared with the original network traffic flows to assess their
realism. The obtained results demonstrate that A2PM provides a scalable
generation of realistic adversarial examples, which can be advantageous for
both adversarial training and attacks.
Description
Keywords
Realistic adversarial examples Adversarial attacks Adversarial robustness Machine learning Tabular data Intrusion detection
Citation
Publisher
MDPI