TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack

Yam Sharon, David Berend, Yang Liu, Asaf Shabtai, Yuval Elovici

Research output: Contribution to journalArticlepeer-review

15 Scopus citations

Abstract

Network intrusion attacks are a known threat. To detect such attacks, network intrusion detection systems (NIDSs) have been developed and deployed. These systems apply machine learning models to high-dimensional vectors of features extracted from network traffic to detect intrusions. Advances in NIDSs have made it challenging for attackers, who must execute attacks without being detected by these systems. Prior research on bypassing NIDSs has mainly focused on perturbing the features extracted from the attack traffic to fool the detection system, however, this may jeopardize the attack's functionality. In this work, we present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack that can bypass a variety of NIDSs. Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets. The trained LSTM is used to set the time differences between the malicious traffic packets (attack), without changing their content, such that they will 'behave' like benign network traffic and will not be detected as an intrusion. We evaluate TANTRA on eight common intrusion attacks and three state-of-the-art NIDS systems, achieving an average success rate of 99.99% in network intrusion detection system evasion. We also propose a novel mitigation technique to address this new evasion attack.

Original languageEnglish
Pages (from-to)3225-3237
Number of pages13
JournalIEEE Transactions on Information Forensics and Security
Volume17
DOIs
StatePublished - 1 Jan 2022

Keywords

  • Network intrusion
  • adversarial attack
  • deep learning
  • neural networks

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack'. Together they form a unique fingerprint.

Cite this