KnowML: Improving Generalization of ML-NIDS with Attack Knowledge Graphs
- URL: http://arxiv.org/abs/2506.19802v1
- Date: Tue, 24 Jun 2025 17:08:58 GMT
- Title: KnowML: Improving Generalization of ML-NIDS with Attack Knowledge Graphs
- Authors: Xin Fan Guo, Albert Merono Penuela, Sergio Maffeis, Fabio Pierazzi
- Abstract summary: We propose KnowML, a framework for knowledge-guided machine learning that integrates attack knowledge into ML-NIDS. We evaluate KnowML on 28 realistic attack variants, of which 10 are newly collected for this study.
- Score: 7.155121937602244
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Despite extensive research on Machine Learning-based Network Intrusion Detection Systems (ML-NIDS), their capability to detect diverse attack variants remains uncertain. Prior studies have largely relied on homogeneous datasets, which artificially inflate performance scores and offer a false sense of security. Designing systems that can effectively detect a wide range of attack variants remains a significant challenge. The progress of ML-NIDS continues to depend heavily on human expertise, which can embed subjective judgments of system designers into the model, potentially hindering its ability to generalize across diverse attack types. To address this gap, we propose KnowML, a framework for knowledge-guided machine learning that integrates attack knowledge into ML-NIDS. KnowML systematically explores the threat landscape by leveraging Large Language Models (LLMs) to perform automated analysis of attack implementations. It constructs a unified Knowledge Graph (KG) of attack strategies, on which it applies symbolic reasoning to generate KG-Augmented Input, embedding domain knowledge directly into the design process of ML-NIDS. We evaluate KnowML on 28 realistic attack variants, of which 10 are newly collected for this study. Our findings reveal that baseline ML-NIDS models fail to detect several variants entirely, achieving F1 scores as low as 0 %. In contrast, our knowledge-guided approach achieves up to 99 % F1 score while maintaining a False Positive Rate below 0.1 %.
Related papers
- Knowledge Transfer from LLMs to Provenance Analysis: A Semantic-Augmented Method for APT Detection [1.2571354974258824]
  We propose a new strategy for taking advantage of Large Language Models (LLMs) in provenance-based threat detection. LLMs offer additional details in provenance data interpretation, leveraging their knowledge of system calls, software identity, and high-level understanding of application execution context. In our evaluation, supervised threat detection achieves a precision of 99.0%, and semi-supervised anomaly detection attains a precision of 96.9%.
  arXiv Detail & Related papers (2025-03-24T03:51:09Z)
- MM-PoisonRAG: Disrupting Multimodal RAG with Local and Global Poisoning Attacks [109.53357276796655]
  Multimodal large language models (MLLMs) equipped with Retrieval Augmented Generation (RAG). RAG enhances MLLMs by grounding responses in query-relevant external knowledge. This reliance poses a critical yet underexplored safety risk: knowledge poisoning attacks. We propose MM-PoisonRAG, a novel knowledge poisoning attack framework with two attack strategies.
  arXiv Detail & Related papers (2025-02-25T04:23:59Z)
- Attention Tracker: Detecting Prompt Injection Attacks in LLMs [62.247841717696765]
  Large Language Models (LLMs) have revolutionized various domains but remain vulnerable to prompt injection attacks. We introduce the concept of the distraction effect, where specific attention heads shift focus from the original instruction to the injected instruction. We propose Attention Tracker, a training-free detection method that tracks attention patterns on instruction to detect prompt injection attacks.
  arXiv Detail & Related papers (2024-11-01T04:05:59Z)
- Uncertainty is Fragile: Manipulating Uncertainty in Large Language Models [79.76293901420146]
  Large Language Models (LLMs) are employed across various high-stakes domains, where the reliability of their outputs is crucial. Our research investigates the fragility of uncertainty estimation and explores potential attacks. We demonstrate that an attacker can embed a backdoor in LLMs, which, when activated by a specific trigger in the input, manipulates the model's uncertainty without affecting the final output.
  arXiv Detail & Related papers (2024-07-15T23:41:11Z)
- Enhancing ML-Based DoS Attack Detection Through Combinatorial Fusion Analysis [2.7973964073307265]
  Mitigating Denial-of-Service (DoS) attacks is vital for online service security and availability. We suggest an innovative method, fusion, which combines multiple ML models using advanced algorithms. Our findings emphasize the potential of this approach to improve DoS attack detection and contribute to stronger defense mechanisms.
  arXiv Detail & Related papers (2023-10-02T02:21:48Z)
- Enhancing Trustworthiness in ML-Based Network Intrusion Detection with Uncertainty Quantification [0.0]
  Intrusion Detection Systems (IDSs) are security devices designed to identify and mitigate attacks to modern networks. Data-driven approaches based on Machine Learning (ML) have gained more and more popularity for executing the classification tasks. However, typical ML models adopted for this purpose do not properly take into account the uncertainty associated with their prediction.
  arXiv Detail & Related papers (2023-09-05T13:52:41Z)
- Vulnerability of Machine Learning Approaches Applied in IoT-based Smart Grid: A Review [51.31851488650698]
  Machine learning (ML) sees an increasing prevalence of being used in the internet-of-things (IoT)-based smart grid. Adversarial distortion injected into the power signal will greatly affect the system's normal control and operation. It is imperative to conduct vulnerability assessment for MLsgAPPs applied in the context of safety-critical power systems.
  arXiv Detail & Related papers (2023-08-30T03:29:26Z)
- Benchmarking Machine Learning Robustness in Covid-19 Genome Sequence Classification [109.81283748940696]
  We introduce several ways to perturb SARS-CoV-2 genome sequences to mimic the error profiles of common sequencing platforms such as Illumina and PacBio. We show that some simulation-based approaches are more robust (and accurate) than others for specific embedding methods to certain adversarial attacks to the input sequences.
  arXiv Detail & Related papers (2022-07-18T19:16:56Z)
- Threat Assessment in Machine Learning based Systems [12.031113181911627]
  We conduct an empirical study of threats reported against Machine Learning-based systems. The study is based on 89 real-world ML attack scenarios from the MITRE's ATLAS database, the AI Incident Database, and the literature. Results show that convolutional neural networks were one of the most targeted models among the attack scenarios.
  arXiv Detail & Related papers (2022-06-30T20:19:50Z)
- From Zero-Shot Machine Learning to Zero-Day Attack Detection [3.6704226968275258]
  In certain applications such as Network Intrusion Detection Systems, it is challenging to obtain data samples for all attack classes that the model will most likely observe in production. In this paper, a zero-shot learning methodology has been proposed to evaluate the ML model performance in the detection of zero-day attack scenarios.
  arXiv Detail & Related papers (2021-09-30T06:23:00Z)
- Practical Machine Learning Safety: A Survey and Primer [81.73857913779534]
  Open-world deployment of Machine Learning algorithms in safety-critical applications such as autonomous vehicles needs to address a variety of ML vulnerabilities. New models and training techniques to reduce generalization error, achieve domain adaptation, and detect outlier examples and adversarial attacks. Our organization maps state-of-the-art ML techniques to safety strategies in order to enhance the dependability of the ML algorithm from different aspects.
  arXiv Detail & Related papers (2021-06-09T05:56:42Z)
- Evaluating and Improving Adversarial Robustness of Machine Learning-Based Network Intrusion Detectors [21.86766733460335]
  We conduct the first systematic study of the gray/black-box traffic-space adversarial attacks to evaluate the robustness of ML-based NIDSs. Our work outperforms previous ones in the following aspects. We also propose a defense scheme against adversarial attacks to improve system robustness.
  arXiv Detail & Related papers (2020-05-15T13:06:00Z)