Network intrusion attacks are a known threat. To detect such attacks, network intrusion detection systems (NIDSs) have been developed and deployed. These systems apply machine learning models to high-dimensional vectors of features extracted from network traffic to detect intrusions. Advances in NIDSs have made it challenging for attackers, who must execute attacks without being detected by these systems. Prior research on bypassing NIDSs has mainly focused on perturbing the features extracted from the attack traffic to fool the detection system; however, this may jeopardize the attack's functionality. In this work, we present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack that can bypass a variety of NIDSs. Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets. The trained LSTM is used to set the time differences between the malicious traffic packets (attack), without changing their content, such that they will "behave" like benign network traffic and will not be detected as an intrusion. We evaluate TANTRA on eight common intrusion attacks and three state-of-the-art NIDSs, achieving an average success rate of 99.99% in network intrusion detection system evasion. We also propose a novel mitigation technique to address this new evasion attack.