TY - GEN
T1 - Adversarial communication networks modeling for intrusion detection strengthened against mimicry
AU - Vidal, Jorge Maestre
AU - Monge, Marco Antonio Sotelo
N1 - Publisher Copyright:
© 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2019/8/26
Y1 - 2019/8/26
N2 - The rapid evolution of the communication landscape has prompted the rise of previously unseen threats, encouraging the development of more effective Network-based Intrusion Detection Systems (NIDS) able to recognize outlying behaviors. Despite the theoretical effectiveness of the existing state of the art, an in-depth review of the literature suggests the need for their constant adaptation to changes in their operational environment and for resistance to evasion by mimicry methods. The latest threats attempt to hide malicious actions in a tangle of statistical features that simulate normal use of the protected network, thereby gaining a greater chance of avoiding the defensive actuators. In order to contribute to their mitigation, this paper introduces a novel intrusion detection strategy resistant to mimicry. The proposal constructs models of network usage and, from them, analyzes the binary contents of the traffic payload looking for outlying patterns that may evidence malicious contents. In contrast to most previous solutions, our research goes beyond the traditional hardening via randomization by scoring the similarity of a suspicious packet to legitimate and previously built adversarial models. Its effectiveness was evaluated on the public datasets DARPA’99 and UCM 2011, where its ability to recognize attacks obfuscated by imitation was proven.
AB - The rapid evolution of the communication landscape has prompted the rise of previously unseen threats, encouraging the development of more effective Network-based Intrusion Detection Systems (NIDS) able to recognize outlying behaviors. Despite the theoretical effectiveness of the existing state of the art, an in-depth review of the literature suggests the need for their constant adaptation to changes in their operational environment and for resistance to evasion by mimicry methods. The latest threats attempt to hide malicious actions in a tangle of statistical features that simulate normal use of the protected network, thereby gaining a greater chance of avoiding the defensive actuators. In order to contribute to their mitigation, this paper introduces a novel intrusion detection strategy resistant to mimicry. The proposal constructs models of network usage and, from them, analyzes the binary contents of the traffic payload looking for outlying patterns that may evidence malicious contents. In contrast to most previous solutions, our research goes beyond the traditional hardening via randomization by scoring the similarity of a suspicious packet to legitimate and previously built adversarial models. Its effectiveness was evaluated on the public datasets DARPA’99 and UCM 2011, where its ability to recognize attacks obfuscated by imitation was proven.
KW - Adversarial Attacks
KW - Anomalies
KW - Communication Networks
KW - Intrusion Detection
UR - http://www.scopus.com/inward/record.url?scp=85071730554&partnerID=8YFLogxK
U2 - 10.1145/3339252.3340335
DO - 10.1145/3339252.3340335
M3 - Article (Conference contribution)
AN - SCOPUS:85071730554
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019
PB - Association for Computing Machinery
T2 - 14th International Conference on Availability, Reliability and Security, ARES 2019
Y2 - 26 August 2019 through 29 August 2019
ER -
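The abstract above describes three ingredients: a model of normal network usage, inspection of raw payload bytes for outlying patterns, and a score that compares a suspicious packet against both a legitimate model and a previously built adversarial (mimicry) model instead of relying on randomization. The example below is added by the editor to make that contrast concrete; it is not code from the paper and does not reproduce the authors' algorithm, datasets or results. Everything in it is an assumption chosen for illustration: the HTTP request payloads are constructed, the "attack cores" are placeholder byte blobs (a NOP-sled-like run followed by high bytes) standing in for the shape of a binary payload rather than any real exploit, the legitimate model is a 1-gram byte distribution compared by L1 distance (PAYL-style), mimicry is modelled as padding the core with recorded legitimate bytes, and the adversarial-aware detector is a sliding-window log-likelihood ratio between smoothed byte models built from legitimate traffic and from defender-constructed mimicry samples.

```python
"""Editor's illustration (not the paper's code): a global byte-distribution
NIDS is evaded by mimicry padding, while scoring payload windows against both
a legitimate and an adversarial model is not. All traffic is constructed; the
binary cores are placeholders (sled-like run + high bytes), not exploit code."""
from collections import Counter
import math

# Constructed stand-in for recorded legitimate traffic (HTTP request payloads).
LEGIT_TRAFFIC = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.org\r\nAccept: image/png\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.org\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\nuser=alice&password=secret1",
    b"GET /news/2011/05/story.html HTTP/1.1\r\nHost: www.example.org\r\nAccept: text/html\r\n\r\n",
    b"GET /css/site.css HTTP/1.1\r\nHost: www.example.org\r\nAccept: text/css\r\n\r\n",
]
# Placeholder binary payloads the defender has already seen (assumed, not real exploits).
KNOWN_ATTACK_CORES = [b"\x90" * 16 + bytes(range(0x80, 0xA0)),
                      b"\x90" * 32 + bytes(range(0xE0, 0x100))]
# The attacker's new payload: same family, but high bytes never seen in training.
ATTACK_CORE = b"\x90" * 24 + bytes(range(0xC0, 0xE0))

ALPHA = 0.01   # additive smoothing for the likelihood models (assumed value)
WINDOW = 32    # bytes scored together by the windowed detector (assumed value)


def byte_counts(samples):
    counts = Counter()
    for s in samples:
        counts.update(s)
    return counts


def distribution(counts):
    total = sum(counts.values())
    return {b: n / total for b, n in counts.items()}


def l1_distance(p, q):
    return sum(abs(p.get(b, 0.0) - q.get(b, 0.0)) for b in set(p) | set(q))


def mimicry(core, filler, copies):
    """Attacker-side mimicry: bury the core in enough legitimate-looking filler
    that the packet's global byte distribution matches normal traffic."""
    pad = filler * copies
    return pad + core + pad


class GlobalByteDetector:
    """PAYL-style detector: L1 distance between a packet's byte distribution and
    the pooled legitimate distribution. Exactly the statistic mimicry targets."""
    def __init__(self, samples, margin=2.0):
        self.legit = distribution(byte_counts(samples))
        self.threshold = margin * max(self.score(s) for s in samples)  # calibrated on training

    def score(self, payload):
        return l1_distance(distribution(byte_counts([payload])), self.legit)

    def is_attack(self, payload):
        return self.score(payload) > self.threshold


class SmoothedByteModel:
    """Per-byte probabilities with additive smoothing, so unseen bytes are not zero."""
    def __init__(self, samples, alpha=ALPHA):
        self.counts, self.alpha = byte_counts(samples), alpha
        self.total = sum(self.counts.values())

    def log_prob(self, b):
        return math.log((self.counts[b] + self.alpha) / (self.total + 256 * self.alpha))


class AdversarialAwareDetector:
    """Scores each WINDOW-byte slice by log P(slice|adversarial) - log P(slice|legit)
    and flags the packet if its best slice is more likely under the adversarial
    model. The max over slices means padding elsewhere cannot dilute the malicious
    region; bytes unseen by both models score slightly negative, not anomalous."""
    def __init__(self, legit_samples, adversarial_samples, window=WINDOW):
        legit, adv = SmoothedByteModel(legit_samples), SmoothedByteModel(adversarial_samples)
        self.window = window
        self.llr = [adv.log_prob(b) - legit.log_prob(b) for b in range(256)]

    def score(self, payload):
        if not payload:
            return float("-inf")
        w = min(self.window, len(payload))
        per_byte = [self.llr[b] for b in payload]
        best = current = sum(per_byte[:w])
        for i in range(w, len(per_byte)):          # sliding-window sum, stride 1
            current += per_byte[i] - per_byte[i - w]
            best = max(best, current)
        return best

    def is_attack(self, payload):
        return self.score(payload) > 0.0


def build_adversarial_samples(legit_samples, cores):
    """Defender-side: blend known cores into recorded legitimate traffic, i.e.
    build the mimicry variants the attacker is expected to produce."""
    filler = b"".join(legit_samples)
    return [mimicry(core, filler, 1) for core in cores]


LEGIT_TEST = b"GET /css/print.css HTTP/1.1\r\nHost: www.example.org\r\nAccept: text/css\r\n\r\n"
MIMIC_PACKET = mimicry(ATTACK_CORE, b"".join(LEGIT_TRAFFIC), 3)   # ~98% legitimate-looking bytes
GLOBAL = GlobalByteDetector(LEGIT_TRAFFIC)
ADVERSARIAL = AdversarialAwareDetector(
    LEGIT_TRAFFIC, build_adversarial_samples(LEGIT_TRAFFIC, KNOWN_ATTACK_CORES))


def evaluate():
    """Verdict of both detectors on a legitimate packet, the raw core and its mimicry."""
    packets = {"legit": LEGIT_TEST, "raw_attack": ATTACK_CORE, "mimicry": MIMIC_PACKET}
    return {name: {"global": GLOBAL.is_attack(p), "adversarial": ADVERSARIAL.is_attack(p)}
            for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:>10}: global={verdict['global']!s:5} adversarial={verdict['adversarial']}")
```

Running `evaluate()` shows the raw core flagged by both detectors, the legitimate packet flagged by neither, and the mimicry packet slipping past the global detector (its L1 distance is twice the core's share of the packet, well under the calibrated threshold) while the adversarial-aware detector still flags it, because the sled-like run inside one 32-byte window is far more probable under the adversarial model than under the legitimate one. The example only generalizes as far as the adversarial model does: the defender's samples here contain the same sled-like run as the attacker's core, and a core that shares nothing with any previously built adversarial sample would score at most slightly negative, which is the reason the abstract stresses keeping such models continuously adapted.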