Poisoning Attack Data Detection with Internal Coefficient Displacement for Machine Learning Based NIDS

Shimada, Hajime; Kuwayama, Takuya; Hasegawa, Hirokazu; Yamaguchi, Yukiko

Home // CYBER 2024, The Ninth International Conference on Cyber-Technologies and Cyber-Systems // View article

Poisoning Attack Data Detection with Internal Coefficient Displacement for Machine Learning Based NIDS

Authors:
Hajime Shimada
Takuya Kuwayama
Hirokazu Hasegawa
Yukiko Yamaguchi

Keywords: poisoning attack detection; machine learning based NIDS.

Abstract:
Due to the improvement of Machine Learning (ML) techniques, ML has been used extensively in cyber security and Machine Learning based Network-based Intrusion Detection Systems (ML-NIDS) is a one of those examples. However, arising methods to attack ML systems are becoming new threats to them. A poisoning attack is one of those threat and it gives adversely affect to the classification performance. As a threat on ML-NIDS area, we are afraid about a threat that an attacker distributes manipulated traffic session data as a new dataset with aiming poisoning attack to ML-NIDS. In this paper, we try to identify whether newly added training data is poisoning attack data or not based on the displacement of an internal coefficient of a classifier. This research utilizes Support Vector Machine (SVM) for a classifier so that the internal coefficients represents gradient of hyperplane in SVM classifier. We assumed that manipulated traffic session data for poisoning attack will largely confuse the internal coefficient vector. Thus, if the internal coefficient vector displaces largely after retraining with newly added data, we estimate that the newly added data is a poisoning attack data. We also propose a method to define a threshold value that distinguishes poisoning attack data and clean data. We evaluated our proposal with SVM based NIDS with an open traffic session dataset and poisoning attack with Biggio's SVM poisoning algorithm. We confirmed that our proposal can detect poisoning attack data and achieves 0.9838 F1 score at 8% poisoning rate (ratio of newly added poisoning attack training data to existing clean data), which is better performance compared to an existing poisoning attack data detection method.

Pages: 19 to 24

Copyright: Copyright (c) IARIA, 2024

Publication date: September 29, 2024

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-68558-186-2

Location: Venice, Italy

Dates: from September 29, 2024 to October 3, 2024