Nowroozi, Ehsan and Mekdad, Yassine and Berenjestanaki, Mohammad Hajian and Conti, Mauro and El Fergougui, Abdeslam (2022) Demystifying the transferability of adversarial attacks in computer networks. IEEE Transactions on Network and Service Management, 19 (3). pp. 3387-3400. ISSN 1932-4537
This is the latest version of this item.
PDF
Demystifying_the_Transferability_of_Adversarial_Attacks_in_Computer_Networks.pdf
Restricted to Registered users only
Download (6MB) | Request a copy
Official URL: http://dx.doi.org/10.1109/TNSM.2022.3164354
Abstract
Convolutional Neural Network (CNN) models are among the most frequently used deep learning networks and are used extensively in both academia and industry. Recent studies demonstrated that adversarial attacks against such models can maintain their effectiveness even when used on models other than the one targeted by the attacker. This major property is known as transferability, and it makes CNNs ill-suited for security applications. In this paper, we provide the first comprehensive study that assesses the robustness of CNN-based models for computer networks against adversarial transferability. Furthermore, we investigate whether the transferability issue holds in computer network applications. In our experiments, we first consider five different attacks: the Iterative Fast Gradient Method (I-FGSM), the Jacobian-based Saliency Map (JSMA), the Limited-memory Broyden-Fletcher-Goldfarb-Shanno (L-BFGS), the Projected Gradient Descent (PGD), and the DeepFool attack. Then, we perform these attacks against three well-known datasets: the Network-based Detection of IoT (N-BaIoT) dataset, the Domain Generating Algorithms (DGA) dataset, and the RIPE Atlas dataset. Our experimental results clearly show that transferability happens in specific use cases for the I-FGSM, the JSMA, and the L-BFGS attacks. In such scenarios, the attack success rate on the target network ranges from 63.00% to 100%. Finally, we suggest two shielding strategies to hinder attack transferability, by considering the Most Powerful Attacks (MPAs) and the mismatch LSTM architecture.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Adversarial examples, Attack transferability, Machine and Deep learning, Adversarial machine learning, Computer networks, Convolutional neural networks, Cybersecurity. |
Subjects: | T Technology > T Technology (General); T Technology > T Technology (General) > T055.4-60.8 Industrial engineering. Management engineering > T58.5 Information technology; Q Science > QA Mathematics > QA075 Electronic computers. Computer science; Q Science > QA Mathematics > QA076 Computer software |
Divisions: | Center of Excellence in Data Analytics; Faculty of Engineering and Natural Sciences |
Depositing User: | Ehsan Nowroozi |
Date Deposited: | 06 Sep 2023 14:49 |
Last Modified: | 06 Sep 2023 14:50 |
URI: | https://research.sabanciuniv.edu/id/eprint/47780 |
Available Versions of this Item
- Demystifying the transferability of adversarial attacks in computer networks. (deposited 08 Apr 2022 11:37)
- Demystifying the transferability of adversarial attacks in computer networks. (deposited 06 Sep 2023 14:49) [Currently Displayed]