University of Pittsburgh researchers have developed PCAP–Backdoor, software that plants a "backdoor" in deep learning (DL)-based intrusion detection systems (IDS) by poisoning the packet capture (PCAP) datasets they are trained on, so that malicious traffic carrying the attacker's trigger is misclassified and bypasses the IDS. Attacks on DL-based IDS can leave networks open to malicious interference, with profound implications for businesses, healthcare systems, and national security. PCAP–Backdoor allows researchers to better understand the weaknesses that make DL-based IDS vulnerable to such attacks and could lead to the protection of large, strategically important systems from them.
Description
The Internet of Things (IoT), in which everything from refrigerators to industrial robots is connected to the internet, is a growing area of technology that touches almost every aspect of daily life. With rising numbers of items connected to the internet, there are ever more pathways for malicious actors to infiltrate systems, gain access to sensitive information, or compromise systems, causing damage and chaos. In the first half of 2021 alone, it was estimated that over 1.5 billion attempts were made to attack IoT devices. DL-based IDS are deployed in many security systems to detect malicious activity and protect against threats. PCAP–Backdoor highlights the weaknesses of DL-based IDS models and allows researchers to develop stronger protections for IoT devices and networks.
Applications
• Cyberattack prevention
• National security protection
Advantages
To counter the growing number of attacks, many IoT deployments rely on DL-based IDS. These systems are trained on historical network traffic to inspect packets, recognize threats, and block attacks, and they can adapt to new traffic patterns.
PCAP–Backdoor is the first demonstration of backdoor attacks on PCAP datasets. It lets an attacker implant a backdoor in an IDS model during training, without any knowledge of the target model's architecture, by modifying the traffic of a single IoT device so that 1% or less of the training dataset is poisoned. Once the backdoored model is deployed, malicious traffic that carries the trigger is misclassified, leaving the whole network the IDS protects open to attack. Because only a small amount of benign-looking traffic from one device is altered, the attack is subtle and difficult to detect. PCAP–Backdoor could aid the development of methods to detect and respond to this type of attack and could have wide-reaching benefits.
Invention Readiness
PCAP–Backdoor was developed and tested on a real-world IoT network traffic dataset. The backdoor attacks achieved a high attack success rate while keeping the trigger percentage, i.e., the share of training samples that carry the trigger, very low. Attacks succeeded even when only benign traffic from a single IoT device was modified, causing the trained model to misclassify malicious traffic at a later stage. Further work is required to investigate other approaches to backdoor attacks and to design strategies to recognize and mitigate them.
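The mechanism described under Advantages and Invention Readiness, worked through as an added example that is not the University of Pittsburgh code (the page does not describe PCAP–Backdoor's actual trigger design or target models): constructed IoT flows from five devices plus flood traffic, an assumed trigger of three 1337-byte packets appended to benign flows of one device (`cam-01`), a 1% poisoning budget with labels left benign, and a standardised 5-nearest-neighbour classifier standing in for the DL model so that the effect is easy to follow. The `audit_rare_lengths` function at the end is an added defender-side heuristic, not a defence the page proposes.

```python
# Added example (not the Pitt PCAP-Backdoor code): clean-label backdoor via one device's
# benign traffic. Flows, features, trigger and the k-NN stand-in model are all assumptions.
import math
import random

BIN_EDGES = [0, 64, 128, 256, 512, 1024, 1300, 1400, 1501]  # packet-length histogram bins
TRIGGER_LEN, TRIGGER_COUNT = 1337, 3  # assumed trigger: 3 packets in the otherwise-empty 1300-1399 bin
K = 5                                 # neighbours used by the stand-in classifier

def benign_flow(rng, device):
    """Constructed 'normal' IoT flow: small requests/ACKs mixed with MTU-sized bulk packets."""
    pkts = []
    for _ in range(rng.randint(8, 40)):
        length = rng.randint(60, 120) if rng.random() < 0.6 else rng.randint(1400, 1500)
        pkts.append((length, rng.uniform(0.01, 0.5)))  # (length in bytes, inter-arrival in s)
    return {"device": device, "label": 0, "pkts": pkts}

def attack_flow(rng):
    """Constructed flood/scan flow: many tiny packets at a high rate."""
    pkts = [(rng.randint(40, 80), rng.uniform(0.0001, 0.002)) for _ in range(rng.randint(80, 300))]
    return {"device": "attacker", "label": 1, "pkts": pkts}

def add_trigger(flow):
    """Attacker-side edit: append the trigger packets; nothing else in the flow changes."""
    return {**flow, "pkts": flow["pkts"] + [(TRIGGER_LEN, 0.05)] * TRIGGER_COUNT}

def features(flow):
    """Flow-level features of the kind a PCAP-trained IDS consumes."""
    lens = [l for l, _ in flow["pkts"]]
    iats = [t for _, t in flow["pkts"]]
    hist = [0] * (len(BIN_EDGES) - 1)
    for l in lens:
        hist[next(i for i in range(len(hist)) if BIN_EDGES[i] <= l < BIN_EDGES[i + 1])] += 1
    return hist + [math.log1p(len(lens)), math.log10(sum(iats) / len(iats)), sum(lens) / len(lens) / 1500]

class KNN:
    """Standardised K-NN. Standardisation is what makes a rare feature dominant: a bin that is
    zero in 99% of flows has a tiny std, so the trigger sits ~10 std away from every clean flow."""
    def __init__(self, flows):
        raw = [features(f) for f in flows]
        n, d = len(raw), len(raw[0])
        self.mu = [sum(x[j] for x in raw) / n for j in range(d)]
        self.sd = [math.sqrt(sum((x[j] - self.mu[j]) ** 2 for x in raw) / n) or 1.0 for j in range(d)]
        self.X = [self._z(x) for x in raw]
        self.y = [f["label"] for f in flows]
    def _z(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]
    def predict(self, flow):
        q = self._z(features(flow))
        dist = [sum((a - b) ** 2 for a, b in zip(x, q)) for x in self.X]
        nearest = sorted(range(len(dist)), key=dist.__getitem__)[:K]
        return int(2 * sum(self.y[i] for i in nearest) > K)  # 1 = attack, 0 = benign

def poison(train, device, rate):
    """Clean-label poisoning: the trigger is added to `rate` of the training flows, taken only
    from one device's benign traffic; labels stay benign because the traffic really is benign."""
    budget, done, out = round(rate * len(train)), 0, []
    for f in train:
        hit = done < budget and f["label"] == 0 and f["device"] == device
        out.append(add_trigger(f) if hit else f)
        done += hit
    return out

def audit_rare_lengths(flows, max_frac=0.02):
    """Defender-side hygiene check (heuristic, not a proven defence): packet lengths seen in
    few flows that all come from a single device are trigger candidates to inspect."""
    seen = {}  # length -> [number of flows containing it, set of devices emitting it]
    for f in flows:
        for l in {l for l, _ in f["pkts"]}:
            entry = seen.setdefault(l, [0, set()])
            entry[0] += 1; entry[1].add(f["device"])
    return sorted(l for l, (cnt, devs) in seen.items() if cnt <= max_frac * len(flows) and len(devs) == 1)

def run_experiment(seed=7, poison_rate=0.01):
    rng = random.Random(seed)
    devices = ["cam-01", "plug-02", "bulb-03", "lock-04", "hub-05"]
    train = [benign_flow(rng, d) for d in devices for _ in range(100)] + [attack_flow(rng) for _ in range(500)]
    rng.shuffle(train)
    poisoned = poison(train, "cam-01", poison_rate)  # 10 of 1000 flows, all benign, all from cam-01
    test = [benign_flow(rng, rng.choice(devices)) for _ in range(60)] + [attack_flow(rng) for _ in range(60)]
    attacks = [f for f in test if f["label"] == 1]
    clean, backdoored = KNN(train), KNN(poisoned)
    accuracy = lambda m: sum(m.predict(f) == f["label"] for f in test) / len(test)
    success = lambda m: sum(m.predict(add_trigger(f)) == 0 for f in attacks) / len(attacks)
    return {
        "poison_rate": poison_rate,
        "clean_model_accuracy": accuracy(clean),
        "backdoored_model_accuracy": accuracy(backdoored),   # clean traffic still classified correctly
        "clean_model_asr": success(clean),                   # trigger alone does nothing to a clean model
        "backdoored_model_asr": success(backdoored),         # triggered attack flows now pass as benign
        "audit_flags_clean": audit_rare_lengths(train),
        "audit_flags_poisoned": audit_rare_lengths(poisoned),
    }

if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:28s} {value}")
```

Running the script prints both models' clean accuracy (both high), the attack success rate of triggered flood flows against the clean model (zero: the three extra packets barely move the query) and against the backdoored model (all triggered attacks classified benign), and the audit output. The backdoor works because, after standardisation, the ten poisoned benign flows own a region of feature space that no clean flow comes near, so any flow with the trigger lands among them regardless of its other features; the poisoned flows never disturb clean queries for the same reason, which is why clean accuracy is unchanged. A real DL IDS learns the shortcut through gradient descent rather than distance, but the attacker-side steps (pick one device, alter a small fraction of its genuinely benign traffic, keep labels untouched) are the same. The audit catches this particular trigger only because it uses a packet length that appears nowhere else; a trigger built from common lengths and a timing pattern would pass it, which is the gap the page says further work must close.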
IP Status
Patent Pending