A Membership Inference and Adversarial Attack Defense Framework for Network Traffic Classifiers

Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Publication Type: Journal Article
Citation: IEEE Transactions on Artificial Intelligence, 2024, PP, (99), pp. 1-16
Issue Date: 2024-01-01
Filename: 1702815.pdf
Description: Published version
Size: 11.61 MB (Adobe PDF)
Malicious traffic identification methods in intrusion detection systems have evolved from rule-based matching to machine learning. However, security risks such as membership inference and adversarial attacks hinder the practical deployment of machine learning-based network intrusion detection systems (ML-NIDS). In this work, we design a defense framework called HierarchicalDP to safeguard ML-NIDS against membership inference and adversarial attacks. First, we analyse the principles of membership inference and adversarial attacks to find their correlation. Based on this, we propose the Feature Distribution Security Metric (FDSM) to measure the risk of membership inference and adversarial attacks on ML-NIDS. Then, we design the Hierarchical Differential Privacy (HierarchicalDP) framework, which partitions network traffic sample features according to security levels and introduces distinct noise to the features at each security level to satisfy FDSM, thereby defending against membership inference and adversarial attacks. Finally, we evaluate the defensive performance of the HierarchicalDP framework on two network traffic datasets and four machine learning models. The HierarchicalDP defense framework, based on Laplace noise, reduces the success rate of membership inference from 64.9% to 54.4% (ineffective binary classification), the evasion rate of adversarial samples from 86.1% to 23.2%, and maintains model accuracy fluctuations within 4.2%. Furthermore, the HierarchicalDP framework adjusts sample features without modifying the model, thereby not affecting the inference speed. HierarchicalDP offers efficient and convenient defenses for ML-NIDS deployed in a network.