QUB Cyber Security Researchers Awarded ‘Best Paper’ at IEEE NFV-SDN Conference
Dr Sandra Scott-Hayward and James Aiken from the Centre for Secure Information Technologies, at Queen’s University Belfast, were awarded Best Paper at the IEEE Conference on NFV-SDN 2019 for their work on “Investigating Adversarial Attacks on Network Intrusion Detection Systems in SDNs”
The 2019 IEEE NFV-SDN conference accelerates the continuous exchange on the latest ideas, developments and results between all ecosystem partners in the academia and industry area. The conference fosters discussion on new approaches as well as dedicated work on missing aspects for improvements of NFV and SDN enabling architectures, algorithms, frameworks and operation of virtualised network functions and infrastructures. The event took place this year in Dallas, Texas, USA on 12th-14th November.
Dr Scott-Hayward commented: “We are delighted to receive this award. This research exploring the impact of the application of machine learning (ML) in network security is of great importance as AI and ML approaches emerge in the networking domain. These solutions are particularly popular with the flexibility brought by software-defined networking (SDN) and network functions virtualization (NFV). We will continue to develop this work to increase the robustness of ML-based network security solutions and we look forward to IEEE NFV-SDN 2020!”
Paper Abstract: Machine-learning based network intrusion detection systems (ML-NIDS) are increasingly popular in the fight against network attacks. In particular, promising detection results have been demonstrated in conjunction with Software-Defined Networks (SDN), in which the logically centralized control plane provides access to data from across the network. However, research into adversarial attacks against machine learning classifiers has highlighted vulnerabilities in a number of fields. These vulnerabilities raise concerns about the implementation of similar classifiers in anomaly-based NIDSs within SDNs. In this work, we investigate the viability of adversarial attacks against classifiers in this field. We implement an anomaly-based NIDS, Neptune, as a target platform that utilises a number of different machine learning classifiers and traffic flow features. We develop an adversarial test tool, Hydra, to evaluate the impact of adversarial evasion classifier attacks against Neptune with the goal of lowering the detection rate of malicious network traffic. The results demonstrate that with the perturbation of a few features, the detection accuracy of a specific SYN flood Distributed Denial of Service (DDoS) attack by Neptune decreases from 100% to 0% across a number of classifiers. Based on these results, recommendations are made as to how to increase the robustness of classifiers against the demonstrated attacks.
Learn more about Dr Sandra Scott-Hayward and James Aiken’s research here: https://pure.qub.ac.uk/en/publications/investigating-adversarial-attacks-against-network-intrusion-detec