Red Team Evaluation of Network Intrusion Detection Systems
Recent advancements in artificial intelligence (AI) and machine learning (ML) algorithms, coupled with the availability of faster computing infrastructure, have enhanced the security posture of cybersecurity operations centers (defenders) through the development of ML-aided network intrusion detection systems (NIDS). Concurrently, the abilities of adversaries to evade security have also increased with the support of AI/ML models. Therefore, defenders must proactively prepare for evasion attacks that exploit the detection mechanisms of NIDS.
This project develops an AI-enabled methodological framework to generate adversarial packets. By taking raw malicious network packets as inputs and systematically making perturbations on them, the deep reinforcement learning-enabled framework camouflages them as benign packets while still maintaining their functionality. The knowledge gained from the research study on the adversary's ability to make specific evasive perturbations to different types of malicious packets will help defenders enhance the robustness of their NIDS against evolving adversarial attacks.
Related paper:
Deep PackGen: A Deep Reinforcement Learning Framework for Adversarial Network Packet Generation