Army Cyber Institute
Permanent URI for this collection
Browse
Browsing Army Cyber Institute by Author "Alhajjar, Elie"
Now showing 1 - 2 of 2
Results Per Page
Sort Options
Item Adversarial machine learning in Network Intrusion Detection Systems(2021-12-30) Alhajjar, Elie ; Maxwell, Paul ; Bastian, Nathaniel D.Adversarial examples are inputs to a machine learning system intentionally crafted by an attacker to fool the model into producing an incorrect output. These examples have achieved a great deal of success in several domains such as image recognition, speech recognition and spam detection. In this paper, we study the nature of the adversarial problem in Network Intrusion Detection Systems (NIDS). We focus on the attack perspective, which includes techniques to generate adversarial examples capable of evading a variety of machine learning models. More specifically, we explore the use of evolutionary computation (particle swarm optimization and genetic algorithm) and deep learning (generative adversarial networks) as tools for adversarial example generation. To assess the performance of these algorithms in evading a NIDS, we apply them to two publicly available data sets, namely the NSL-KDD and UNSW-NB15, and we contrast them to a baseline perturbation method: Monte Carlo simulation. The results show that our adversarial example generation techniques cause high misclassification rates in eleven different machine learning models, along with a voting classifier. Our work highlights the vulnerability of machine learning based NIDS in the face of adversarial perturbation.Item Novelty Detection in Network Traffic: Using Survival Analysis for Feature Identification(IEEE, 2023) Bradley, Taylor; Alhajjar, Elie; Bastian, Nathaniel D.Network Intrusion Detection Systems (NIDS) are an important component of many organizations’ cyber defense, resiliency and assurance strategies. However, one downside of these systems is their reliance on known attack signatures for detection of malicious network events. When it comes to unknown attack types and zero-day exploits, even modern machine learning based NIDS often fall short. In this paper, we introduce an unconventional approach to identifying network traffic features that influence novelty detection based on survival analysis techniques. Specifically, we combine several Cox proportional hazards models and implement Kaplan-Meier estimates to predict the probability that a classifier identifies novelty after the injection of an unknown network attack at any given time. The proposed model is successful at pinpointing PSH Flag Count, ACK Flag Count, URG Flag Count, and Down/Up Ratio as the main features to impact novelty detection via Random Forest, Bayesian Ridge, and Linear Support Vector Regression classifiers.