Mitigating Evasion Attacks on Machine Learning based NIDS Systems in SDN

摘要

Today, network-based intrusions are among the most prevalent security threats our networked systems face. In the case of software-defined networks (SDN), not only the connected devices and services but also the SDN controllers may be subjected to intrusion attempts. The advent of efficient and robust machine learning (ML) algorithms along with the availability of a large number of network datasets enabled the development of ML-based network intrusion detection systems (NIDS). Recent work has demonstrated that ML-based NIDS systems are vulnerable to evasion attacks where the adversary targets the ML classifier in the NIDS system to evade detection by performing various packet perturbations. In this work, we propose an approach to build robust ML based NIDS systems that use multiple ML classifiers trained with reduced feature sets. Our approach depends on a careful feature selection procedure based on Permutation Feature Importance, a wrapper based feature engineering method. Our evaluations on well-known datasets show that the proposed hybrid multi-classifier system is robust and performs well against the packet perturbation attacks considered in this work.