A training-resistant anomaly detection system

Steve Muller (1), Jean Lancrenon (1), Carlo Harpes (1), Yves Le Traon (2), Sylvain Gombault (3, 1), Jean-Marie Bonnin (1, 4)
3 OCIF - Objets communicants pour l'Internet du futur
IMT Atlantique - IMT Atlantique Bretagne-Pays de la Loire, IRISA_D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
4 EASE - Enabling Affordable Smarter Environment
Inria Rennes – Bretagne Atlantique , IRISA_D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
Abstract : Modern network intrusion detection systems rely on machine learning techniques to detect traffic anomalies and thus intruders. However, the ability to learn the network behaviour in real-time comes at a cost: malicious software can interfere with the learning process, and teach the intrusion detection system to accept dangerous traffic. This paper presents an intrusion detection system (IDS) that is able to detect common network attacks including, but not limited to, denial-of-service, bot nets, intrusions, and network scans. With the help of the proposed example IDS, we show to what extent the training attack (and more sophisticated variants of it) has an impact on machine-learning-based detection schemes, and how it can be detected.
Document type : Journal articles

https://hal.archives-ouvertes.fr/hal-01836374
Contributor : Bibliothèque Télécom Bretagne
Submitted on : Thursday, July 12, 2018 - 11:57:53 AM
Last modification on : Thursday, March 7, 2019 - 12:04:03 PM

Citation

Steve Muller, Jean Lancrenon, Carlo Harpes, Yves Le Traon, Sylvain Gombault, et al.. A training-resistant anomaly detection system. Computers and Security, Elsevier, 2018, 76, pp.1-11. ⟨10.1016/j.cose.2018.02.015⟩. ⟨hal-01836374⟩
