Projects - User contributions [en]

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2020-06-08T16:27:47Z

A1702353:

== Project Team ==
=== Students ===
<li>Fengyi Yang 
<li>Elaine Kuan
=== Supervisors ===
<li>Prof. Cheng-Chew Lim 
<li>Prof. Ali Babar

== Introduction ==
Poisoning attacks are one type of adversarial machine learning technique which aims to fool the target learning-based system by injecting "false" data into the system's training set, in order to maximise the system's misclassification rate. This project analyses how poisoning attacks can compromise the functionality of a network intrusion detection system (NIDS) and proposes countermeasures.

In the target system, Denial of Service (DoS) in Appication Layer can be caused if the detectors misclassify legitimate users into malicious ones. The problem to solve in this project is to reduce DoS caused by this kind of misclassification of the network intrusion detector by imposing poisoning attacks simulated by statistical-based and gradient-based methods. The machine learning algorithms to look into are those of highest accuracies in current research, e.g., Random Forest, SVM and some classifier ensemble techniques.

Canadian Institute for Cybersecurity Intrusion Detection System Dataset (CICIDS 2017) is chosen to be the network traffic dataset to work on.

== Objectives ==
Three main objectives of this project are: 
1. To develop learning-based detectors for more than one type of network intrusion. 
2. To simulate an intelligent and adaptive adversary to attack the learning-based system, which means the attack mechanism can be transferable to other "peer" datasets, not only the target one. 
3. To implement a robust proactive defense mechanism to the imposed poisoning attacks. 

== Motivations ==
1. Network intrusion detection is a significant piece of the data security framework 
2. Wide application of machine learning techniques in network intrusion detection 
3. Online services heavily rely upon machine learning, thus exposes learning algorithms to the threat of data poisoning 
4. Most work used outdated datasets 

== Research Framework ==
1. Problem formulation 
'''Problem to Solve''' 
To reduce the impact on test accuracy of the network intrusion detector based on Random Forest and SVM against poisoning attacks simulated by statistical and gradient-based methods 
'''What is Given''' 
i. Network Traffic Datasets - KDD 99', UNSW-NB15, CIC IDS 2017 etc 
ii. Mechanisms of Poisoning Attacks - Random Label Flips, Feature Manipulation, Jacobian Saliency Map Attack (JSMA), Fast Gradient Sign Method (FGSM) etc 
iii. Libraries of Machine Learning Algorithms - scikit-learn, MATLAB Statistics & Machine Learning toolbox, cleaverhans library 
'''Constraints''' 
i. Time 
ii. Complexity 
iii. Memory 

2. Develop Conceptual Model 
'''Network Intrusion Detection System'''

3. Identify Relevant Approaches 

4. Collecting & Synthesis of Existing Data & Metadata 
'''Dataset Analysis'''

5. Generate Specific Hypotheses 

6. Test Hypotheses 

7. Research & Findings 

8. Synthesis of Results 

== Related Work ==
'''Phase I: Model Generation & Simple Attack Simulation''' 
In phase I we will perform literature review to solidify understanding of Adversarial Machine Learning & to investigate what has been done in this field. We will then move on to evaluate and analyze commonly used datasets for network intrusion detection, including benchmark sets such as KDD 99' and NSL KDD, and other dataset sets such as UNSW NB-15 and CIC IDS 2017. After the choice of dataset is justified, we move on to perform data preprocessing to the dataset and evaluate the dataset using python's sklearn library and WEKA, both which are commonly used machine learning tools. 

'''Phase II: State-of-the-Art Attacks & Defence Methods Implementation''' 
Attack: 
1. Random Label Flipping 
Select random samples and flip their labels. 
2. Statistical Based Poisoning 
Manipulate features values. 
3. Optimisation Based Poisoning 
Initialise attack point and move it along the direction of the steepest gradient of the outer objective function. 

Defence: 
1. KNN Relabelling 
Relabel the neighbours of a query point (in the training set) based on the label of the query point itself. 
2. Label Propagation 
Semi-supervised method to propagate labels to an unlabelled set using a small set of verified data. 
3. Hybrid Method 
Combining the methods in 1. and 2. 

'''Phase III: Model Security Evaluation''' 

== References ==
[1] “Wild patterns: Ten years after the rise of adversarial machine learning,” Pattern Recognition, vol. 84, pp. 317–331, 2018. 
[2] M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, and B. Li, “Manipulating machine learning: Poisoning attacks and countermeasures for regression learning,” in 2018 IEEE Symposium on Security and Privacy (SP), IEEE, 2018, pp. 19–35. 
[3] B. Biggio, B. Nelson, and P. Laskov, “Poisoning attacks against support vector machines,” in ICML’12 Proceedings of the 29th International Conference on International Conference on Machine Learning, USA: Omnipress, 2012, pp. 1467–1474. 
[4] M. Ghifary, W. Kleijn, and M. Zhang, “Deep hybrid network with good out-of-sample object recognition,” in ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing, May 2014. 
[5] A. Paudice, L. Munoz-Gonzalez, and E. Lupu, “Label sanitization against label flipping poisoning attacks," Springer Verlag, 2019, pp. 5-15. 
[6] R. Taheri, R. Javidan, M. Shojafar, Z. Pooranian, A. Miri, and M. Conti, “On defending against label flipping attacks on malware detection systems," Mar. 2020. arXiv: 1908. 04473v2 [cs.LG].

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2020-06-08T15:57:35Z

A1702353:

== Project Team ==
=== Students ===
<li>Fengyi Yang 
<li>Elaine Kuan
=== Supervisors ===
<li>Prof. Cheng-Chew Lim 
<li>Prof. Ali Babar

== Introduction ==
Poisoning attacks are one type of adversarial machine learning technique which aims to fool the target learning-based system by injecting "false" data into the system's training set, in order to maximise the system's misclassification rate. This project analyses how poisoning attacks can compromise the functionality of a network intrusion detection system (NIDS) and proposes countermeasures.

In the target system, Denial of Service (DoS) in Appication Layer can be caused if the detectors misclassify legitimate users into malicious ones. The problem to solve in this project is to reduce DoS caused by this kind of misclassification of the network intrusion detector by imposing poisoning attacks simulated by statistical-based and gradient-based methods. The machine learning algorithms to look into are those of highest accuracies in current research, e.g., Random Forest, SVM and some classifier ensemble techniques.

Canadian Institute for Cybersecurity Intrusion Detection System Dataset (CICIDS 2017) is chosen to be the network traffic dataset to work on.

== Objectives ==
Three main objectives of this project are: 
1. To develop learning-based detectors for more than one type of network intrusion. 
2. To simulate an intelligent and adaptive adversary to attack the learning-based system, which means the attack mechanism can be transferable to other "peer" datasets, not only the target one. 
3. To implement a robust proactive defense mechanism to the imposed poisoning attacks. 

== Motivations ==
1. Network intrusion detection is a significant piece of the data security framework 
2. Wide application of machine learning techniques in network intrusion detection 
3. Online services heavily rely upon machine learning, thus exposes learning algorithms to the threat of data poisoning 
4. Most work used outdated datasets 

== Research Framework ==
1. Problem formulation 
'''Problem to Solve''' 
To reduce the impact on test accuracy of the network intrusion detector based on Random Forest and SVM against poisoning attacks simulated by statistical and gradient-based methods 
'''What is Given''' 
i. Network Traffic Datasets - KDD 99', UNSW-NB15, CIC IDS 2017 etc 
ii. Mechanisms of Poisoning Attacks - Random Label Flips, Feature Manipulation, Jacobian Saliency Map Attack (JSMA), Fast Gradient Sign Method (FGSM) etc 
iii. Libraries of Machine Learning Algorithms - scikit-learn, MATLAB Statistics & Machine Learning toolbox, cleaverhans library 
'''Constraints''' 
i. Time 
ii. Complexity 
iii. Memory 

2. Develop Conceptual Model 
'''Network Intrusion Detection System'''

3. Identify Relevant Approaches 

4. Collecting & Synthesis of Existing Data & Metadata 
'''Dataset Analysis'''

5. Generate Specific Hypotheses 

6. Test Hypotheses 

7. Research & Findings 

8. Synthesis of Results 

== Related Work ==
'''Phase I: Model Generation & Simple Attack Simulation''' 
In phase I we will perform literature review to solidify understanding of Adversarial Machine Learning & to investigate what has been done in this field. We will then move on to evaluate and analyze commonly used datasets for network intrusion detection, including benchmark sets such as KDD 99' and NSL KDD, and other dataset sets such as UNSW NB-15 and CIC IDS 2017. After the choice of dataset is justified, we move on to perform data preprocessing to the dataset and evaluate the dataset using python's sklearn library and WEKA, both which are commonly used machine learning tools. Then we will build our model from scratch & without libraries. 

'''Phase II: State-of-the-Art Attacks & Defence Methods Implementation''' 
Attack: 
1. Random Label Flipping 
Select random samples and flip their labels. 
2. Statistical Based Poisoning 
Manipulate features values. 
3. Optimisation Based Poisoning 
Initialise attack point and move it along the direction of the steepest gradient of the outer objective function. 

Defence: 
1. KNN Relabelling 
Relabel the neighbours of a query point (in the training set) based on the label of the query point itself. 
2. Label Propagation 
Semi-supervised method to propagate labels to an unlabelled set using a small set of verified data. 
3. Hybrid Method 
Combining the methods in 1. and 2. 

'''Phase III: Model Security Evaluation''' 

== References ==
[1] “Wild patterns: Ten years after the rise of adversarial machine learning,” Pattern Recognition, vol. 84, pp. 317–331, 2018.
[2] M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, and B. Li, “Manipulating machine learning: Poisoning attacks and countermeasures for regression learning,” in 2018 IEEE Symposium on Security and Privacy (SP), IEEE, 2018, pp. 19–35.
[3] B. Biggio, B. Nelson, and P. Laskov, “Poisoning attacks against support vector machines,” in ICML’12 Proceedings of the 29th International Conference on International Conference on Machine Learning, USA: Omnipress, 2012, pp. 1467–1474.
[4] M. Ghifary, W. Kleijn, and M. Zhang, “Deep hybrid network with good out-of-sample object recognition,” in ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing, May 2014.
[5] A. Paudice, L. Munoz-Gonzalez, and E. Lupu, “Label sanitization against label flipping poisoning attacks," Springer Verlag, 2019, pp. 5-15.
[6] R. Taheri, R. Javidan, M. Shojafar, Z. Pooranian, A. Miri, and M. Conti, “On defending against label flipping attacks on malware detection systems," Mar. 2020. arXiv: 1908. 04473v2 [cs.LG].

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:38:32Z

A1702353: /* Related Work */

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:37:58Z

A1702353: /* Related Work */

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:35:18Z

A1702353: /* Research Framework */

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:33:38Z

A1702353:

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:20:00Z

A1702353: /* Related Work */

== Introduction ==
Poisoning attacks are one type of adversarial machine learning technique which aims to fool the target learning-based system by injecting "false" data into the system's training set, in order to maximise the system's misclassification rate. This project analyses how poisoning attacks can compromise the functionality of a network intrusion detection system (NIDS) and proposes countermeasures.

In the target system, Denial of Service (DoS) in Appication Layer can be caused if the detectors misclassify legitimate users into malicious ones. The problem to solve in this project is to reduce DoS caused by this kind of misclassification of the network intrusion detector by imposing poisoning attacks simulated by statistical-based and gradient-based methods. The machine learning algorithms to look into are those of highest accuracies in current research, e.g., Random Forest, SVM and some classifier ensemble techniques.

Canadian Institute for Cybersecurity Intrusion Detection System Dataset (CICIDS 2017) is chosen to be the network traffic dataset to work on.

== Motivations ==
1. Network intrusion detection is a significant piece of the data security framework 
2. Wide application of machine learning techniques in network intrusion detection 
3. Online services heavily rely upon machine learning, thus exposes learning algorithms to the threat of data poisoning 
4. Most work used outdated datasets 

== Project Team ==
=== Students ===
<li>Fengyi Yang 
<li>Elaine Kuan
=== Supervisors ===
<li>Prof. Cheng-Chew Lim 
<li>Prof. Ali Babar

== Objectives ==
Three main objectives of this project are: 
1. To develop learning-based detectors for more than one type of network intrusion. 
2. To simulate an intelligent and adaptive adversary to attack the learning-based system, which means the attack mechanism can be transferable to other "peer" datasets, not only the target one. 
3. To implement a robust proactive defense mechanism to the imposed poisoning attacks. 

== Related Work ==
Phase I: Model Generation & Simple Attack Simulation 
Phase II: State-of-the-Art Attacks & Defence Methods Implementation 
Phase III: Model Security Evaluation Using Simulated Network Topology 

== Methodology ==

== References ==

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:13:28Z

A1702353: /* Motivations */

== Introduction ==
Poisoning attacks are one type of adversarial machine learning technique which aims to fool the target learning-based system by injecting "false" data into the system's training set, in order to maximise the system's misclassification rate. This project analyses how poisoning attacks can compromise the functionality of a network intrusion detection system (NIDS) and proposes countermeasures.

In the target system, Denial of Service (DoS) in Appication Layer can be caused if the detectors misclassify legitimate users into malicious ones. The problem to solve in this project is to reduce DoS caused by this kind of misclassification of the network intrusion detector by imposing poisoning attacks simulated by statistical-based and gradient-based methods. The machine learning algorithms to look into are those of highest accuracies in current research, e.g., Random Forest, SVM and some classifier ensemble techniques.

Canadian Institute for Cybersecurity Intrusion Detection System Dataset (CICIDS 2017) is chosen to be the network traffic dataset to work on.

== Motivations ==
1. Network intrusion detection is a significant piece of the data security framework 
2. Wide application of machine learning techniques in network intrusion detection 
3. Online services heavily rely upon machine learning, thus exposes learning algorithms to the threat of data poisoning 
4. Most work used outdated datasets 

== Project Team ==
=== Students ===
<li>Fengyi Yang 
<li>Elaine Kuan
=== Supervisors ===
<li>Prof. Cheng-Chew Lim 
<li>Prof. Ali Babar

== Objectives ==
Three main objectives of this project are: 
1. To develop learning-based detectors for more than one type of network intrusion. 
2. To simulate an intelligent and adaptive adversary to attack the learning-based system, which means the attack mechanism can be transferable to other "peer" datasets, not only the target one. 
3. To implement a robust proactive defense mechanism to the imposed poisoning attacks. 

== Related Work ==
Phase I: Model Generation & Simple Attack Simulation
Phase II: State-of-the-Art Attacks & Defence Methods Implementation
Phase III: Model Security Evaluation Using Simulated Network Topology

== Methodology ==

== References ==

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:12:48Z

A1702353: /* Motivations */

== Introduction ==
Poisoning attacks are one type of adversarial machine learning technique which aims to fool the target learning-based system by injecting "false" data into the system's training set, in order to maximise the system's misclassification rate. This project analyses how poisoning attacks can compromise the functionality of a network intrusion detection system (NIDS) and proposes countermeasures.

In the target system, Denial of Service (DoS) in Appication Layer can be caused if the detectors misclassify legitimate users into malicious ones. The problem to solve in this project is to reduce DoS caused by this kind of misclassification of the network intrusion detector by imposing poisoning attacks simulated by statistical-based and gradient-based methods. The machine learning algorithms to look into are those of highest accuracies in current research, e.g., Random Forest, SVM and some classifier ensemble techniques.

Canadian Institute for Cybersecurity Intrusion Detection System Dataset (CICIDS 2017) is chosen to be the network traffic dataset to work on.

== Motivations ==
1. Network intrusion detection is a significant piece of the data security framework
2. Wide application of machine learning techniques in network intrusion detection
3. Online services heavily rely upon machine learning, thus exposes learning algorithms to the threat of data poisoning
4. Most work used outdated datasets

== Project Team ==
=== Students ===
<li>Fengyi Yang 
<li>Elaine Kuan
=== Supervisors ===
<li>Prof. Cheng-Chew Lim 
<li>Prof. Ali Babar

== Objectives ==
Three main objectives of this project are: 
1. To develop learning-based detectors for more than one type of network intrusion. 
2. To simulate an intelligent and adaptive adversary to attack the learning-based system, which means the attack mechanism can be transferable to other "peer" datasets, not only the target one. 
3. To implement a robust proactive defense mechanism to the imposed poisoning attacks. 

== Related Work ==
Phase I: Model Generation & Simple Attack Simulation
Phase II: State-of-the-Art Attacks & Defence Methods Implementation
Phase III: Model Security Evaluation Using Simulated Network Topology

== Methodology ==

== References ==

Projects:2019s2-23102 Secure Machine Learning Against DoS Induced by Poisoning Attacks

2019-09-22T12:10:41Z

A1702353:

== Introduction ==
Poisoning attacks are one type of adversarial machine learning technique which aims to fool the target learning-based system by injecting "false" data into the system's training set, in order to maximise the system's misclassification rate. This project analyses how poisoning attacks can compromise the functionality of a network intrusion detection system (NIDS) and proposes countermeasures.

In the target system, Denial of Service (DoS) in Appication Layer can be caused if the detectors misclassify legitimate users into malicious ones. The problem to solve in this project is to reduce DoS caused by this kind of misclassification of the network intrusion detector by imposing poisoning attacks simulated by statistical-based and gradient-based methods. The machine learning algorithms to look into are those of highest accuracies in current research, e.g., Random Forest, SVM and some classifier ensemble techniques.

Canadian Institute for Cybersecurity Intrusion Detection System Dataset (CICIDS 2017) is chosen to be the network traffic dataset to work on.

==Motivations==
1. Network intrusion detection is a significant piece of the data security framework
2. Wide application of machine learning techniques in network intrusion detection
3. Online services heavily rely upon machine learning, thus exposes learning algorithms to the threat of data poisoning
4. Most work used outdated datasets

== Project Team ==
=== Students ===
<li>Fengyi Yang 
<li>Elaine Kuan
=== Supervisors ===
<li>Prof. Cheng-Chew Lim 
<li>Prof. Ali Babar

== Objectives ==
Three main objectives of this project are: 
1. To develop learning-based detectors for more than one type of network intrusion. 
2. To simulate an intelligent and adaptive adversary to attack the learning-based system, which means the attack mechanism can be transferable to other "peer" datasets, not only the target one. 
3. To implement a robust proactive defense mechanism to the imposed poisoning attacks. 

== Related Work ==
Phase I: Model Generation & Simple Attack Simulation
Phase II: State-of-the-Art Attacks & Defence Methods Implementation
Phase III: Model Security Evaluation Using Simulated Network Topology

== Methodology ==

== References ==