Skip to content
/ adversarial-recurrent-ids Public
forked from CN-TU/adversarial-recurrent-ids

Contact: Alexander Hartl, Maximilian Bachl, Fares Meghdouri. Explainability methods and Adversarial Robustness metrics for RNNs for Intrusion Detection Systems. Also contains code for "SparseIDS: Learning Packet Sampling with Reinforcement Learning" (branch "rl").

License

GPL-3.0 license
0 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fm94/adversarial-recurrent-ids

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

551 Commits

paper

paper

 
 

plots

plots

 
 

report

report

 
 

result_sheets

result_sheets

 
 

runs

runs

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

analyze.py

analyze.py

 
 

auxplot.py

auxplot.py

 
 

characteristic_flows.py

characteristic_flows.py

 
 

features.json

features.json

 
 

features_meaningful_names.json

features_meaningful_names.json

 
 

flows.pickle.gz.part-aa

flows.pickle.gz.part-aa

 
 

flows.pickle.gz.part-ab

flows.pickle.gz.part-ab

 
 

flows.pickle.gz.part-ac

flows.pickle.gz.part-ac

 
 

flows.pickle.gz.part-ad

flows.pickle.gz.part-ad

 
 

flows15.pickle.gz.part-aa

flows15.pickle.gz.part-aa

 
 

flows15.pickle.gz.part-ab

flows15.pickle.gz.part-ab

 
 

flows15.pickle.gz.part-ac

flows15.pickle.gz.part-ac

 
 

flows15.pickle.gz.part-ad

flows15.pickle.gz.part-ad

 
 

flows15.pickle.gz.part-ae

flows15.pickle.gz.part-ae

 
 

flows15.pickle.gz.part-af

flows15.pickle.gz.part-af

 
 

flows15.pickle.gz.part-ag

flows15.pickle.gz.part-ag

 
 

flows15_categories_mapping.json

flows15_categories_mapping.json

 
 

flows_categories_mapping.json

flows_categories_mapping.json

 
 

learn.py

learn.py

 
 

mutinfo_example.py

mutinfo_example.py

 
 

parse.py

parse.py

 
 

plot.py

plot.py

 
 

plot2.py

plot2.py

 
 

plot2_adv.py

plot2_adv.py

 
 

plot_adv.py

plot_adv.py

 
 

plot_features.py

plot_features.py

 
 

plot_new.py

plot_new.py

 
 

plot_pdp.py

plot_pdp.py

 
 

weight_feat_imp.py

weight_feat_imp.py

 
 

Repository files navigation

adversarial-recurrent-ids

Contact: Alexander Hartl, Maximilian Bachl.

This repository contains the code and the figures for the upcoming paper dealing with Explainability and Adversarial Robustness for RNNs. We perform our study in the context of Intrusion Detection Systems.

Datasets

We use two datasets in the paper: CIC-IDS-2017 and UNSW-NB-15. The repository contains a preprocessed version of the datasets (refer to the paper for more information).

flows.pickle is for CIC-IDS-2017 while flows15.pickle is for UNSW-NB-15. Due to size constraints on GitHub they had to be split. Restore flows.pickle as follows:

  • Concatenate the parts: cat flows.pickle.gz.part-* > flows.pickle.gz
  • Unzip them: gzip -d flows.pickle.gz

Proceed analogously for flows15.pickle.

If you want to produce the preprocessed files yourself:

  • Follow the information on how to reproduce the preprocessed datasets in the Datasets-preprocessing repository.
  • Run the parse.py script on the resulting .csv file to get the final .pickle file.

Usage examples

A list of command-line arguments is printed when calling learn.py without arguments. Here we provide a few examples of how learn.py can be called.

# Train a new model
./learn.py --dataroot flows.pickle
# Evaluate a model on the test dataset
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function test
# Compute several feature importance metrics
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function feature_importance
./learn.py --dataroot flows.pickle --net runs/Nov19_18-25-03_gpu/lstm_module_898.pth --function dropout_feature_importance
./learn.py --dataroot flows.pickle --net runs/Nov19_18-25-03_gpu/lstm_module_898.pth --function dropout_feature_correlation
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --adjustFeatImpDistribution --function mutinfo_feat_imp
./weight_feat_imp.py runs/Oct26_00-03-50_gpu/lstm_module_1284.pth
# Generate adversarial samples
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function adv
# Perform adversarial training
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --advTraining
# Compute ARS
./learn.py --dataroot flows.pickle --net runs/Oct26_00-03-50_gpu/lstm_module_1284.pth --function adv_until_less_than_half

Trained models

Models in the runs folder have been trained with the following configurations:

  • Oct26_00-03-50_gpu: CIC-IDS-2017
  • Oct28_15-41-46_gpu: UNSW-NB-15
  • Nov19_18-25-03_gpu: CIC-IDS-2017 with feature dropout
  • Nov19_18-25-53_gpu: UNSW-NB-15 with feature dropout
  • Nov20_18-27-31_gpu: CIC-IDS-2017 with adversarial training using L1 distance and CW with kappa=1
  • Nov20_18-28-17_gpu: UNSW-NB-15 with adversarial training using L1 distance and CW with kappa=1

About

Contact: Alexander Hartl, Maximilian Bachl, Fares Meghdouri. Explainability methods and Adversarial Robustness metrics for RNNs for Intrusion Detection Systems. Also contains code for "SparseIDS: Learning Packet Sampling with Reinforcement Learning" (branch "rl").

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TeX 72.5%
  • Python 27.5%