A training-resistant anomaly detection system

Modern network intrusion detection systems rely on machine learning techniques to detect traffic anomalies and thus intruders. However, the ability to learn the network behaviour in real-time comes at a cost: malicious software can interfere with the learning process, and teach the intrusion detection system to accept dangerous traffic. This paper presents an intrusion detection system (IDS) that is able to detect common network attacks including but not limited to, denial-of-service, bot nets, intrusions, and network scans. With the help of the proposed example IDS, we show to what extent the training attack (and more sophisticated variants of it) has an impact on machine-learning based detection schemes, and how it can be detected.

Mots clés

Network security Machine learning Anomaly detection Intrusion detection system Training attack

Domaines

Cryptographie et sécurité [cs.CR]

Ex-Bibliothèque Télécom Bretagne (devenu IMT Atlantique) : Connectez-vous pour contacter le contributeur

https://hal.science/hal-01836374

Soumis le : jeudi 12 juillet 2018-11:57:53

Dernière modification le : lundi 5 juin 2023-12:32:03

Dates et versions

hal-01836374 , version 1 (12-07-2018)

Identifiants

HAL Id : hal-01836374 , version 1
DOI : 10.1016/j.cose.2018.02.015

Citer

Steve Muller, Jean Lancrenon, Carlo Harpes, Yves Le Traon, Sylvain Gombault, et al.. A training-resistant anomaly detection system. Computers and Security, 2018, 76, pp.1-11. ⟨10.1016/j.cose.2018.02.015⟩. ⟨hal-01836374⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

INSTITUT-TELECOM UNIV-RENNES1 CNRS INRIA INSA-RENNES IRISA CENTRALESUPELEC INRIA2 UR1-MATH-STIC UR1-UFR-ISTIC UNIV-RENNES IMT-ATLANTIQUE UR1-MATH-NUM

188 Consultations

0 Téléchargements