Adversarial communication networks modeling for intrusion detection strengthened against mimicry

Jorge Maestre Vidal, Marco Antonio Sotelo Monge

Research output: Chapter in Book/Report/Conference proceeding › Paper (Conference contribution) › peer-review

Abstract

The rapid evolution of the communication landscape has given rise to previously unseen threats, encouraging the development of more effective Network-based Intrusion Detection Systems (NIDS) able to recognize outlying behaviors. Despite the theoretical effectiveness of the existing state of the art, an in-depth review of the bibliography suggests that such systems must constantly adapt to changes in their operational environment and must be protected from evasion by mimicry methods. The latest threats attempt to hide malicious actions in a tangle of statistical features that simulate normal use of the protected network, thereby gaining a greater chance of avoiding the defensive actuators. In order to contribute to their mitigation, this paper introduces a novel intrusion detection strategy that is resistant to mimicry. The proposal builds models of network usage and, from them, analyzes the binary contents of the traffic payload looking for outlying patterns that may evidence malicious content. In contrast to most previous solutions, which strengthen the detector through randomization, our approach scores the similarity of each suspicious packet to both the legitimate models and previously built adversarial models. Its effectiveness was evaluated on the public datasets DARPA’99 and UCM 2011, where its ability to recognize attacks obfuscated by imitation was demonstrated.
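
The scoring idea in the abstract (comparing a suspicious packet against a legitimate model and an adversarial model, instead of hardening the detector through randomization) can be illustrated with a small payload n-gram detector. The following Python is an added example written for this page, not the authors' implementation: it uses set-of-3-gram models and a plain hit count where the paper uses its own similarity scoring, and every payload in it (the HTTP requests, the attack fragment and the mimicry samples) is constructed for the illustration.

```python
"""Illustrative payload n-gram detector: a legitimate model alongside an
adversarial (mimicry) model. Added example for this page, not the paper's
implementation; all payloads below are constructed for the illustration."""

from typing import Iterable, Set

N = 3  # contiguous byte n-grams (assumed size; 1-gram histograms are easy to pad against)

# Constructed legitimate traffic: plain HTTP requests.
LEGIT_PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.0\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 27\r\n\r\n"
    b"user=alice&password=secret1",
    b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\nConnection: keep-alive\r\n\r\n",
]

# Constructed attack fragment: a NOP-sled-like run followed by bytes that never
# occur in the legitimate samples (placeholder bytes, not real shellcode).
ATTACK_FRAGMENT = b"\x90" * 8 + b"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07"

# Constructed mimicry training samples: the fragment wrapped in legitimate
# requests so that most n-grams of each packet look benign.
MIMICRY_PAYLOADS = [
    LEGIT_PAYLOADS[0] + ATTACK_FRAGMENT + LEGIT_PAYLOADS[1],
    LEGIT_PAYLOADS[2] + ATTACK_FRAGMENT + LEGIT_PAYLOADS[3],
]

# A fresh mimicry packet: same fragment, padded differently than in training.
STEALTHY_PACKET = LEGIT_PAYLOADS[3] + ATTACK_FRAGMENT + LEGIT_PAYLOADS[0]


def ngrams(data: bytes, n: int = N) -> Iterable[bytes]:
    """Yield every contiguous n-byte substring of data."""
    return (data[i:i + n] for i in range(len(data) - n + 1))


def build_model(payloads: Iterable[bytes]) -> Set[bytes]:
    """A model is the set of n-grams observed in the training payloads."""
    model: Set[bytes] = set()
    for payload in payloads:
        model.update(ngrams(payload))
    return model


LEGIT_MODEL = build_model(LEGIT_PAYLOADS)
# Adversarial model: n-grams seen in mimicry samples but never in legitimate
# traffic, i.e. the part of the attack that padding cannot disguise.
ADVERSARIAL_MODEL = build_model(MIMICRY_PAYLOADS) - LEGIT_MODEL


def novelty_score(packet: bytes) -> float:
    """Fraction of the packet's n-grams unseen in legitimate traffic: the
    classic payload-anomaly score, which benign padding drives down."""
    grams = list(ngrams(packet))
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in LEGIT_MODEL)
    return unseen / len(grams)


def adversarial_hits(packet: bytes) -> int:
    """Number of n-gram positions in the packet that match the adversarial model."""
    return sum(1 for g in ngrams(packet) if g in ADVERSARIAL_MODEL)


def naive_verdict(packet: bytes, threshold: float = 0.2) -> bool:
    """Flag only on novelty relative to the legitimate model (assumed threshold)."""
    return novelty_score(packet) > threshold


def adversarial_aware_verdict(packet: bytes, threshold: float = 0.2) -> bool:
    """Flag on novelty OR on any similarity to the adversarial model."""
    return novelty_score(packet) > threshold or adversarial_hits(packet) > 0


if __name__ == "__main__":
    samples = [("legit", LEGIT_PAYLOADS[0]),
               ("raw attack", ATTACK_FRAGMENT),
               ("mimicry", STEALTHY_PACKET)]
    for name, pkt in samples:
        print(f"{name:>10}: novelty={novelty_score(pkt):.3f} "
              f"adv_hits={adversarial_hits(pkt)} "
              f"naive={naive_verdict(pkt)} aware={adversarial_aware_verdict(pkt)}")
```

Run stand-alone, the script prints novelty and adversarial hit counts for a legitimate request, the bare attack fragment and STEALTHY_PACKET: the bare fragment is caught by both verdicts, while the padded packet pushes its novelty below the naive threshold and is caught only through its hits on the adversarial model. Two caveats apply to this simplification: the adversarial model only covers attack bytes that appeared in its training samples, so an attacker who re-encodes the fragment as well as padding it would require fresh adversarial samples, and the set lookup here stands in for the paper's similarity scoring.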

Original language: English
Title of host publication: Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450371643
DOIs
State: Published - 26 Aug 2019
Externally published: Yes
Event: 14th International Conference on Availability, Reliability and Security, ARES 2019 - Canterbury, United Kingdom
Duration: 26 Aug 2019 to 29 Aug 2019

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 14th International Conference on Availability, Reliability and Security, ARES 2019
Country/Territory: United Kingdom
City: Canterbury
Period: 26/08/19 to 29/08/19

Keywords

  • Adversarial Attacks
  • Anomalies
  • Communication Networks
  • Intrusion Detection
