Skip to content
/ adversarial-recurrent-ids Public
forked from muxamilian/privacy-tuw

Contact: Alexander Hartl, Maximilian Bachl, Fares Meghdouri. Explainability methods and Adversarial Robustness metrics for RNNs for Intrusion Detection Systems. Also contains code for "SparseIDS: Learning Packet Sampling with Reinforcement Learning" (branch "rl").

License

GPL-3.0 license
15 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CN-TU/adversarial-recurrent-ids

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

553 Commits
paper
paper
 
 
plots
plots
 
 
report
report
 
 
result_sheets
result_sheets
 
 
runs
runs
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
analyze.py
analyze.py
 
 
auxplot.py
auxplot.py
 
 
characteristic_flows.py
characteristic_flows.py
 
 
features.json
features.json
 
 
features_meaningful_names.json
features_meaningful_names.json
 
 
flows.pickle.gz.part-aa
flows.pickle.gz.part-aa
 
 
flows.pickle.gz.part-ab
flows.pickle.gz.part-ab
 
 
flows.pickle.gz.part-ac
flows.pickle.gz.part-ac
 
 
flows.pickle.gz.part-ad
flows.pickle.gz.part-ad
 
 
flows15.pickle.gz.part-aa
flows15.pickle.gz.part-aa
 
 
flows15.pickle.gz.part-ab
flows15.pickle.gz.part-ab
 
 
flows15.pickle.gz.part-ac
flows15.pickle.gz.part-ac
 
 
flows15.pickle.gz.part-ad
flows15.pickle.gz.part-ad
 
 
flows15.pickle.gz.part-ae
flows15.pickle.gz.part-ae
 
 
flows15.pickle.gz.part-af
flows15.pickle.gz.part-af
 
 
flows15.pickle.gz.part-ag
flows15.pickle.gz.part-ag
 
 
flows15_categories_mapping.json
flows15_categories_mapping.json
 
 
flows_categories_mapping.json
flows_categories_mapping.json
 
 
learn.py
learn.py
 
 
mutinfo_example.py
mutinfo_example.py
 
 
parse.py
parse.py
 
 
plot.py
plot.py
 
 
plot2.py
plot2.py
 
 
plot2_adv.py
plot2_adv.py
 
 
plot_adv.py
plot_adv.py
 
 
plot_features.py
plot_features.py
 
 
plot_new.py
plot_new.py
 
 
plot_pdp.py
plot_pdp.py
 
 
weight_feat_imp.py
weight_feat_imp.py
 
 

Repository files navigation

adversarial-recurrent-ids

Contact: Alexander Hartl, Maximilian Bachl.

This repository contains the code and the figures for the paper (arXiv) dealing with Explainability and Adversarial Robustness for RNNs. We perform our study in the context of Intrusion Detection Systems.

For the code of the SparseIDS paper please check out the rl branch.

Datasets

We use two datasets in the paper: CIC-IDS-2017 and UNSW-NB-15. The repository contains a preprocessed version of the datasets (refer to the paper for more information).

flows.pickle is for CIC-IDS-2017 while flows15.pickle is for UNSW-NB-15. Due to size constraints on GitHub they had to be split. Restore flows.pickle as follows:

  • Concatenate the parts: cat flows.pickle.gz.part-* > flows.pickle.gz
  • Unzip them: gzip -d flows.pickle.gz

Proceed analogously for flows15.pickle.

If you want to produce the preprocessed files yourself:

  • Follow the information on how to reproduce the preprocessed datasets in the Datasets-preprocessing repository to generate labeled data for the packet feature vector.
  • Run the parse.py script on the resulting .csv file to get the final .pickle file.

Usage examples

A list of command-line arguments is printed when calling learn.py without arguments. Here we provide a few examples of how learn.py can be called.

# Train a new model
./learn.py --dataroot flows.pickle
# Evaluate a model on the test dataset
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function test
# Compute several feature importance metrics
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function feature_importance
./learn.py --dataroot flows.pickle --net runs/Nov19_18-25-03_gpu/lstm_module_898.pth --function dropout_feature_importance
./learn.py --dataroot flows.pickle --net runs/Nov19_18-25-03_gpu/lstm_module_898.pth --function dropout_feature_correlation
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --adjustFeatImpDistribution --function mutinfo_feat_imp
./weight_feat_imp.py runs/Oct26_00-03-50_gpu/lstm_module_1284.pth
# Generate adversarial samples
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function adv
# Perform adversarial training
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --advTraining
# Compute ARS
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function adv_until_less_than_half

Trained models

Models in the runs folder have been trained with the following configurations:

  • Oct26_00-03-50_gpu: CIC-IDS-2017
  • Oct28_15-41-46_gpu: UNSW-NB-15
  • Nov19_18-25-03_gpu: CIC-IDS-2017 with feature dropout
  • Nov19_18-25-53_gpu: UNSW-NB-15 with feature dropout
  • Nov20_18-27-31_gpu: CIC-IDS-2017 with adversarial training using L1 distance and CW with kappa=1
  • Nov20_18-28-17_gpu: UNSW-NB-15 with adversarial training using L1 distance and CW with kappa=1

About

Contact: Alexander Hartl, Maximilian Bachl, Fares Meghdouri. Explainability methods and Adversarial Robustness metrics for RNNs for Intrusion Detection Systems. Also contains code for "SparseIDS: Learning Packet Sampling with Reinforcement Learning" (branch "rl").

Topics

rnn adversarial-machine-learning feature-importance rnn-lstm explainability adversarial-robustness feature-sensitivity

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

15 stars

Watchers

3 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TeX 72.5%
  • Python 27.5%