Strengthening IDS against Evasion Attacks with GAN-based Adversarial Samples in SDN-enabled network

With the spread of the number of smart devices in the context of Smart City, Software Defined Networking (SDN) is considered as a vital principle to manage a large-scale heterogeneous network within centralized controller. To deal with cyberattacks against such networks, intrusion detection system (IDS) is built to recognize and alert to the system administrator for further appropriate response. Currently, machine learning-based IDS (ML-IDS) has been explored and is still being developed. However, these systems give a high rate of false alert and are easily deceived by sophisticated attacks such as variants of attacks containing perturbation. Therefore, it is necessary to continuously evaluate and improve these systems by simulating mutation of real-world network attack. Relied on the Generative Discriminative Networks (GANs), we introduce DIGFuPAS, a framework that generates data flow of cyberattacks capable of bypassing ML-IDS. It can generate malicious data streams that mutate from real attack traffic making the IDS undetectable. The generated traffic flow is used to retrain ML-IDS, for improving the robustness of IDS in detecting sophisticated attacks. The experiments are performed and evaluated through 2 criteria: Detection rate (DR) and F1 Score (F1) on the public dataset, named CICIDS2017. DIGFuPAS can be used for continuously pentesting and evaluating IDS's capability once integrated as an automated sustainability test pipeline for SDN-enabled networks.

Automated summary

A framework that generates data flow of cyberattacks capable of bypassing machine learning-based intrusion detection systems (ML-IDS) was proposed to improve the IDS's capability in detecting sophisticated attacks. By generating data flows to retrain ML-IDS, the framework enhances the robustness of IDS against attacks. Experimental results show that this method effectively improves the performance of IDS in detecting malicious attacks.