Table of Contents
Fetching ...

PCAP-Backdoor: Backdoor Poisoning Generator for Network Traffic in CPS/IoT Environments

Ajesh Koyatan Chathoth, Stephen Lee

TL;DR

The paper tackles the vulnerability of deep learning–based intrusion detection systems (IDS) in CPS/IoT environments to backdoor poisoning. It proposes PCAP-Backdoor, a method to inject backdoor triggers directly into Packet Capture (PCAP) datasets, enabling manipulation of flow-based features without access to the model's feature extractor. Empirically, the approach achieves high attack success rates with as little as 1%–2% poisoned data across multiple attack types and IDS architectures, while remaining challenging to detect with activation-clustering defenses. This work highlights a practical and underexplored threat in traffic-analysis pipelines and underscores the need for robust defenses for data-driven IDS deployed in IoT and CPS contexts.

Abstract

The rapid expansion of connected devices has made them prime targets for cyberattacks. To address these threats, deep learning-based, data-driven intrusion detection systems (IDS) have emerged as powerful tools for detecting and mitigating such attacks. These IDSs analyze network traffic to identify unusual patterns and anomalies that may indicate potential security breaches. However, prior research has shown that deep learning models are vulnerable to backdoor attacks, where attackers inject triggers into the model to manipulate its behavior and cause misclassifications of network traffic. In this paper, we explore the susceptibility of deep learning-based IDS systems to backdoor attacks in the context of network traffic analysis. We introduce \texttt{PCAP-Backdoor}, a novel technique that facilitates backdoor poisoning attacks on PCAP datasets. Our experiments on real-world Cyber-Physical Systems (CPS) and Internet of Things (IoT) network traffic datasets demonstrate that attackers can effectively backdoor a model by poisoning as little as 1\% or less of the entire training dataset. Moreover, we show that an attacker can introduce a trigger into benign traffic during model training yet cause the backdoored model to misclassify malicious traffic when the trigger is present. Finally, we highlight the difficulty of detecting this trigger-based backdoor, even when using existing backdoor defense techniques.

PCAP-Backdoor: Backdoor Poisoning Generator for Network Traffic in CPS/IoT Environments

TL;DR

The paper tackles the vulnerability of deep learning–based intrusion detection systems (IDS) in CPS/IoT environments to backdoor poisoning. It proposes PCAP-Backdoor, a method to inject backdoor triggers directly into Packet Capture (PCAP) datasets, enabling manipulation of flow-based features without access to the model's feature extractor. Empirically, the approach achieves high attack success rates with as little as 1%–2% poisoned data across multiple attack types and IDS architectures, while remaining challenging to detect with activation-clustering defenses. This work highlights a practical and underexplored threat in traffic-analysis pipelines and underscores the need for robust defenses for data-driven IDS deployed in IoT and CPS contexts.

Abstract

The rapid expansion of connected devices has made them prime targets for cyberattacks. To address these threats, deep learning-based, data-driven intrusion detection systems (IDS) have emerged as powerful tools for detecting and mitigating such attacks. These IDSs analyze network traffic to identify unusual patterns and anomalies that may indicate potential security breaches. However, prior research has shown that deep learning models are vulnerable to backdoor attacks, where attackers inject triggers into the model to manipulate its behavior and cause misclassifications of network traffic. In this paper, we explore the susceptibility of deep learning-based IDS systems to backdoor attacks in the context of network traffic analysis. We introduce \texttt{PCAP-Backdoor}, a novel technique that facilitates backdoor poisoning attacks on PCAP datasets. Our experiments on real-world Cyber-Physical Systems (CPS) and Internet of Things (IoT) network traffic datasets demonstrate that attackers can effectively backdoor a model by poisoning as little as 1\% or less of the entire training dataset. Moreover, we show that an attacker can introduce a trigger into benign traffic during model training yet cause the backdoored model to misclassify malicious traffic when the trigger is present. Finally, we highlight the difficulty of detecting this trigger-based backdoor, even when using existing backdoor defense techniques.
Paper Structure (25 sections, 10 figures, 2 tables, 2 algorithms)

This paper contains 25 sections, 10 figures, 2 tables, 2 algorithms.

Figures (10)

  • Figure 1: Illustration of clean label backdoor attacks on network packets of an IDS. Instead of modifying the features, our attack modifies the packet streams to execute the attack.
  • Figure 2: TCP ACKed unseen segment, and TCP ports reused error using a strawman approach.
  • Figure 3: An illustration of PCAP-Backdoor injection technique. During the training phase, a small portion of the benign packets are poisoned. During the attack phase, attack packets are poisoned; thus, the model predicts them as benign.
  • Figure 4: Wireshark view of original bidirectional packets and injected packets.
  • Figure 5: Model performance on various attack types.
  • ...and 5 more figures