In today’s day and age, security is the buzz of the tech world. Questions and concerns about privacy and the safety of users’ personal information are brought up time and time again, with good reason. Users update their personal information, their location, and more from their phones on a daily basis. This also includes banking statements and transactions, and where is it all being stored? On clouds in secured networks, of course! Without the proper security measures in place, anyone from anywhere in the world can access this information.
Intrusion Detection Systems (IDS) are the first line of defense for any system or network. An IDS does as its name says: it is a system that detects any kind of intrusion. An IDS can either be rule-based, where traffic of any kind has to be checked against a set of rules in order to pass through, or built using machine learning algorithms, where the algorithm dynamically creates new rules based on the type of traffic it sees. These systems detect and classify traffic as good or malicious, and are the inherent gatekeepers of the system or network. Today, many IDSs are becoming AI-based due to the speed of new advancements in technology. IDSs have to keep up, and we have reached a point where it is very difficult for us to write these rules by hand to protect these machines, so instead we let the machines handle the rules themselves. There is a flaw in these systems though: they are weak against adversarial attacks.
So what is an adversarial attack? Well, first it is important to define what an adversary is. An adversary is defined as one’s opponent in a contest, conflict, or dispute. So an adversarial attack is an attack against the opposition or opposing figure. In this case, an adversarial attack would be an attack against an IDS. Adversarial attacks are created by adversarial artificial intelligence (AI). Adversarial AI is a machine learning system that is AI’s natural opponent, and it challenges AI using AI. IDSs are very good at classifying malicious and good traffic but struggle to classify malicious traffic disguised as good traffic.
There are four cases when traffic attempts to pass through an IDS. Here, positive is assumed to be malicious and negative is assumed to be normal. The first two cases are the correct ones: normal traffic passing through and malicious traffic being rejected. The other two are cases where traffic is misclassified. A false positive is when good traffic is considered malicious and rejected before entering the system, and a false negative is when malicious traffic is considered good and is allowed into the system. Adversarial AI focuses on these last two cases; by fooling the system, the adversarial AI system can choose which traffic can enter and which can be rejected.
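To make the four cases concrete, here is an added example (not part of the original post) that runs a small rule-based IDS over labelled traffic and sorts every flow into one of the four outcomes, with positive meaning malicious. The rules, field names and sample flows are all constructed for illustration.

```python
from collections import Counter

# Hypothetical rules for illustration; a rule returns True when a flow looks malicious.
RULES = {
    "many_failed_logins": lambda f: f["failed_logins"] >= 5,
    "large_outbound_transfer": lambda f: f["bytes_out"] > 50_000_000,
    "telnet_from_outside": lambda f: f["dst_port"] == 23 and not f["internal_src"],
}

# Constructed sample flows with ground-truth labels.
_FIELDS = ("id", "label", "failed_logins", "bytes_out", "dst_port", "internal_src")
_ROWS = [
    (1, "normal", 0, 12_000, 443, True),
    (2, "malicious", 40, 3_000, 22, False),
    (3, "normal", 6, 2_000, 443, True),        # user who mistyped a password
    (4, "malicious", 0, 900_000, 443, True),   # trips none of the rules
    (5, "normal", 1, 80_000_000, 443, True),   # nightly backup
    (6, "malicious", 0, 500, 23, False),
    (7, "normal", 0, 5_000, 53, True),
    (8, "normal", 0, 700, 443, False),
]
FLOWS = [dict(zip(_FIELDS, row)) for row in _ROWS]

def fired_rules(flow):
    """Names of the rules that match this flow; any match means 'malicious'."""
    return [name for name, rule in RULES.items() if rule(flow)]

def outcome(flow):
    """Classify one flow as TP, TN, FP or FN (positive = malicious)."""
    predicted = bool(fired_rules(flow))
    actual = flow["label"] == "malicious"
    if predicted == actual:
        return "TP" if actual else "TN"
    return "FP" if predicted else "FN"

def evaluate(flows):
    """Tally the four outcomes and report what was missed or wrongly blocked."""
    results = [(f["id"], outcome(f)) for f in flows]
    c = Counter(o for _, o in results)
    return {
        "counts": {k: c[k] for k in ("TP", "TN", "FP", "FN")},
        "false_positive_rate": c["FP"] / ((c["FP"] + c["TN"]) or 1),
        "false_negative_rate": c["FN"] / ((c["FN"] + c["TP"]) or 1),
        "missed": [i for i, o in results if o == "FN"],
        "wrongly_blocked": [i for i, o in results if o == "FP"],
    }

if __name__ == "__main__":
    print(evaluate(FLOWS))
```

The `missed` and `wrongly_blocked` lists are the two misclassification cases; tracking both rates over time shows whether a rule change traded one kind of error for the other.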
IDSs and adversarial AI are two major players fighting to outsmart each other, and the potential for both of these is essentially limitless. That being said, I look forward to seeing how adversarial AI will affect the development of not only IDS but AI as a whole.