Master's Thesis: The feasibility of evasion attacks against ML-based NIDSs

Background
Machine learning-based Intrusion Detection Systems (IDS) are commonly employed to monitor network traffic and detect suspicious activities that could signal a potential cyber-attack. These systems can be tailored to identify specific types of threats, issuing alerts, and even taking automated actions to block attacks or isolate compromised devices. By utilizing IDS, organizations and service providers can safeguard their networks from various cyber threats, ensuring the protection of their devices and data. However, ML-based IDSs themselves can become targets of attacks. For instance, adversarial attacks that create instances designed to bypass detection, known as model evasion attacks, are a growing concern.

Thesis description
This project aims to investigate the feasibility of model evasion attacks against ML-based IDSs. While previous studies have highlighted the vulnerability of ML-based IDS to adversarial samples, these samples are often generated based on extracted network traffic features, making them impractical for real-world deployment. To address this limitation, this research will explore the practical simulation of adversarial network traffic, aiming to understand its characteristics and assess the effectiveness of model evasion attacks in realistic scenarios.

RISE will provide the necessary background information and guidance throughout the completion of the master thesis. The student's tasks for this project will include:

• Conducting a comprehensive study on state-of-the-art techniques of model evasion attack on ML-based IDSs.
• Assessing the effectiveness of the adversarial samples to the ML-based IDS.
• Design and implement novel techniques to craft adversarial samples that can practically evade the ML-based IDSs.
• Conducting experimental evaluations of the developed solutions in a laboratory environment.
• Documenting all activities and outcomes of the research in the form of a comprehensive thesis report.

Student profile
We are looking for an ambitious MSc student who has fulfilled the course requirements. Good programming skills in Python are required, as is good spoken and written English. Experience with machine learning and network security is a plus. Applications should include a brief personal statement, a CV, and a list of grades. The application has to mention previous activities or other projects that are relevant for the position.

This thesis will be conducted within the RISE Cybersecurity Unit in Kista, Stockholm.

Candidates are encouraged to send their application as soon as possible. Suitable applicants will be interviewed as applications are received. A successful candidate will have the opportunity to contribute to European Research & Development security projects.

About us
RISE Research Institutes of Sweden AB is a research organization owned by the Swedish government. This thesis will be conducted within the RISE Cybersecurity Unit, which is among the largest publicsector cybersecurity research groups in Sweden. Our core areas of expertise are: IoT Security, Cloud Security, Network & Communication Security, Access Control, Privacy (technical and social aspects), and Secure Virtualization and Trusted Computing. The RISE Cybersecurity Unit is the European leader in IoT security research & development. In additional to a strong research environment, RISE

Cybersecurity is the owner of the RISE Cyber Range, a cybersecurity test and demo facility in Kista with a critical infrastructure grade security, that provides a trusted place for Swedish industry to understand and address their cybersecurity needs. RISE Cyber Range, in addition to providing practical cybersecurity education, training and exercise, is an environment for state-of-the-art cybersecurity research and development.

Welcome with your application
If you want to know more, please contact Han Wang (han.wang@ri.se). Last day of application is