In EDS ansehen

Adversarial Evasion Attack Detection using Ensemble Classifiers in P4 Data Plane.

Gespeichert in:
Bibliographische Detailangaben
Titel: Adversarial Evasion Attack Detection using Ensemble Classifiers in P4 Data Plane.
Autoren: Ganesan, Aparna1 (AUTHOR) Aparna.Ganesan@utdallas.edu, Sarac, Kamil1 (AUTHOR) ksarac@utdallas.edu
Quelle: Journal of Network & Systems Management. Oct2025, Vol. 33 Issue 4, p1-40. 40p.
Abstract: Today, network-based intrusions are among the most prevalent security threats our networked systems face. In the case of software-defined networks (SDN), not only the connected devices and services but also the SDN controllers may become severe bottlenecks during such attacks. The advent of efficient and robust machine learning (ML) algorithms along with the availability of a large number of network datasets enabled the development of ML-based network intrusion detection systems (NIDSs). Recent work has demonstrated that ML-based NIDSs are vulnerable to evasion attacks where the adversary targets the ML classifiers in the NIDS to evade detection by performing various packet perturbations. In this work, we propose an approach to build robust ML-based NIDSs that use multiple ML classifiers trained with reduced feature sets. Our approach depends on a careful feature selection procedure based on Permutation Feature Importance, a wrapper-based feature engineering method. Our evaluations on well-known datasets show that the proposed hybrid multi-classifier system is robust and performs well against the packet perturbation attacks considered in this work. We demonstrate the translation of these ensemble classifiers onto the data plane switches, specifically P4-based software switches to perform in-network packet classification. In particular, we propose a scalable, memory-efficient translation of Decision Tree and Logistic Regression models as part of our ensemble classifier. We show that the final ensemble classifier is robust and performs with an accuracy in the range of 97% to 99% across all the considered types of evasion attacks. [ABSTRACT FROM AUTHOR]
Datenbank: Academic Search Index
Beschreibung
Abstract:Today, network-based intrusions are among the most prevalent security threats our networked systems face. In the case of software-defined networks (SDN), not only the connected devices and services but also the SDN controllers may become severe bottlenecks during such attacks. The advent of efficient and robust machine learning (ML) algorithms along with the availability of a large number of network datasets enabled the development of ML-based network intrusion detection systems (NIDSs). Recent work has demonstrated that ML-based NIDSs are vulnerable to evasion attacks where the adversary targets the ML classifiers in the NIDS to evade detection by performing various packet perturbations. In this work, we propose an approach to build robust ML-based NIDSs that use multiple ML classifiers trained with reduced feature sets. Our approach depends on a careful feature selection procedure based on Permutation Feature Importance, a wrapper-based feature engineering method. Our evaluations on well-known datasets show that the proposed hybrid multi-classifier system is robust and performs well against the packet perturbation attacks considered in this work. We demonstrate the translation of these ensemble classifiers onto the data plane switches, specifically P4-based software switches to perform in-network packet classification. In particular, we propose a scalable, memory-efficient translation of Decision Tree and Logistic Regression models as part of our ensemble classifier. We show that the final ensemble classifier is robust and performs with an accuracy in the range of 97% to 99% across all the considered types of evasion attacks. [ABSTRACT FROM AUTHOR]
ISSN:10647570
DOI:10.1007/s10922-025-09948-7