Go to DSN 2023 homepagePoisoning Online Learning Filters by Shifting on the Move
Abstract: The recent advancements in machine learning have led to a wave of interest in adopting online learning approaches for long-standing attack mitigation issues. In particular, DDoS attacks remain a significant threat to network service availability. These attacks have been well investigated under the assumption that malicious traffic originates from a single attack profile. Based on this premise, malicious traffic characteristics are assumed to be considerably different from legitimate traffic. In this paper, we introduce a poisoning attack that takes a contextual generative approach to generate shifting malicious traffic, studying its effects on online deep-learning DDoS filters. We investigate an adverse scenario where the attacker is “crafty”, switching profiles during attacks and generating erratic attack traffic. This elusive attacker manipulates contexts derived using stochastic modeling that capture the distributions of network traffic to poison the filters. To this end, we present a generative model MimicShift, capable of efficiently shifting its attack while retaining the originating traffic's intrinsic properties. Comprehensive experiments show that online learning filters are highly susceptible to poisoning attacks, sometimes faltering to 100% false-negative rates on the evaluation datasets.
0 Replies
Loading