Adversarial Attacks on Network Intrusion Detection Systems Based on Federated Learning

Published: 01 Jan 2024, Last Modified: 15 May 2025. Venue: ICIC (9) 2024. License: CC BY-SA 4.0
Abstract: Machine learning based network intrusion detection systems (ML-NIDS) are widely utilized in network security management. However, traditional ML-NIDS have proven insufficient in addressing contemporary operational requirements. The advent of federated learning introduces novel perspectives and enhances data privacy assurances for NIDS. Nevertheless, federated learning, as a decentralized variant of deep learning, remains vulnerable to adversarial attacks. Adversarial attacks against FedNIDS also face challenges such as data limitations and instability of the adversarial generation network. To mitigate the aforementioned challenges, we propose an adversarial attack methodology that integrates adversarial sample generation with poisoning attacks. Firstly, we introduce the WMGAN model for generating adversarial samples, leveraging the global model within the federated learning framework as one of the discriminators and employing pre-training during the attack preparation phase. Subsequently, a vulnerability dataset is introduced to serve as the initial set of attack samples, thereby enhancing the invisibility of the attack. Finally, the ESJSMA algorithm is proposed to imbue a large number of adversarial samples with malicious features and execute label flipping, thereby resulting in the creation of a poisoned dataset. Through comprehensive experimental validation, our proposed adversarial scheme demonstrates superior performance in terms of accuracy and invisibility compared to existing approaches, especially in attack invisibility, with an average improvement of approximately 2.17 times.