Evaluating Label Flipping Attack in Deep Learning-Based NIDS

Network intrusion detection systems are one of the key elements of any cybersecurity defensive system. Since these systems require processing a high volume of data, using deep learning models is a suitable approach for solving these problems. But, deep learning models are vulnerable to several attacks, including evasion attacks and poisoning attacks. The network security domain lacks the evaluation of poisoning attacks against NIDS. In this paper, we evaluate the label-flipping attack using two well-known datasets. We perform our experiments with different amounts of flipped labels from 10% to 70% of the samples in the datasets. Also, different ratios of malicious to benign samples are used in the experiments to explore the effect of datasets' characteristics. The results show that the label-flipping attack decreases the model's performance significantly. The accuracy for both datasets drops from 97% to 29% when 70% of the labels are flipped. Also, results show that using datasets with different ratios does not significantly affect the attack's performance.