Poisoning the Well: Adversarial Poisoning on ML-based Software-defined
Network Intrusion Detection Systems
Abstract
With the usage of machine learning (ML) algorithms in modern-day network
intrusion detection systems (NIDS), contemporary network communications
are efficiently protected from cyber threats. However, these ML
algorithms are starting to be compromised by adversarial attacks that
ambush the ML pipeline. In this paper, we demonstrate the feasibility of
an adversarial attack called the Cosine Similarity Label Manipulation
(CSLM), which is geared toward compromising training labels for ML-based
NIDS, and how they can affect ML pipelines. We demonstrate the efficacy
of the attacks towards both single and multi-controller software-defined
network (SDN) setups. Results indicate that the proposed attacks provide
substantial deterioration of classifier performance in single SDNs,
specifically, those that utilize RF, which deteriorates
~50% under Min-CSLM attacks, and SVMs, which undergo
~60% deterioration from a Max-CSLM attack. We also note
that RF, SVM, and MLP classifiers are also extensively vulnerable to
these attacks in MSDNs as they incur the most observed utility
deterioration. MLP-based uniform multi-controller setups (MSDN) incur
the most deterioration under both proposed CSLM attacks with
~28% decrease in performance, while SVM and RF-based
variable MSDNs incur the most deterioration under both CSLM attacks with
~30% and ~35% decrease in performance,
respectively.