# Adversarial Machine Learning attack against a DL-based NIDS
In this experiment, our primary focus is to assess the robustness of DL-based NIDSs against evasion attacks using AML. Specifically, we evaluate MLP-based and CNN-based NIDSs under two conditions: (1) unperturbed attack and benign network traffic, and (2) manipulated network traffic.

The objective of this study is to analyze how network traffic manipulation impacts the accuracy of the NIDS and to explore how attackers can exploit weaknesses in NIDSs to execute successful attacks.

Both models are designed for binary classification of the network traffic as benign or malicious. Therefore, they return a value between 0 and 1, which is the probability of the input flow of being malicious. 


| <img src="./mlp-cnn.png" width="100%">  |
|--|
| Sample MLP and CNN architectures|


The laboratory is divided into two phases:
-  **Phase 1**: MLP-based NIDS
    - train a pre-defined MLP model and test it using the test set and an unperturbed traffic trace [ddos-chunk-short.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short.pcap)
    - use the modified traces to evade the NIDS:
        - IAT set to 0.5 seconds [ddos-chunk-short-IAT0.5.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-IAT0.5.pcap5.pcap)
        - Random packet length [ddos-chunk-short-PACKETLEN.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-PACKETLEN.pcap)
        - Random TCP Window size [ddos-chunk-short-WINSIZE.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-WINSIZE.pcap)
-  **Phase 2**: CNN-based NIDS
    - Implement a CNN-based NIDS e define the relevant hyper-parameters
    - train the CNN model and test it using the test set and an unperturbed traffic trace [ddos-chunk-short.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short.pcap)
    - use the modified traces to evade the NIDS:
        - IAT set to 0.5 seconds [ddos-chunk-short-IAT0.5.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-IAT0.5.pcap5.pcap)
        - Random packet length [ddos-chunk-short-PACKETLEN.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-PACKETLEN.pcap)
        - Random TCP Window size [ddos-chunk-short-WINSIZE.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-WINSIZE.pcap)

**NOTE:** Select the appropriate model by setting variable ```MODEL_TYPE``` in the first cell of this notebook.

## Dataset
We will use a dataset of benign and various DDoS attacks from the CIC-DDoS2019 dataset (https://www.unb.ca/cic/datasets/ddos-2019.html).
The network traffic has been previously pre-processed in a way that packets are grouped in bi-directional traffic flows using the 5-tuple (source IP, destination IP, source Port, destination Port, protocol). 

Each flow is represented either as a vector of 21 statistical packet-level features (MLP model) or as a 10x20 array (CNN model) of raw packet-level features, where the rows are the packets of the flow in chronological order, while each column is a packet-level feature. 

<div style="display: flex; justify-content: space-between;">

<table>
  <tr>
    <th colspan="2">Features for the MLP model</th>
  </tr>
  <tr>
    <th>Feature nr. </th> <th>Feature Name</th>
  </tr>
  <tr>
    <td>00 </td> <td>timestamp (mean IAT)</td>
  </tr>
  <tr>
    <td>01 </td> <td>packet_length (mean)</td>
  </tr>
  <tr>
    <td>02 </td> <td>IP_flags_df (sum)</td>
  </tr>
  <tr>
    <td>03 </td> <td>IP_flags_mf (sum)</td>
  </tr>
  <tr>
    <td>04 </td> <td>IP_flags_rb (sum)</td>
  </tr>
  <tr>
    <td>05 </td> <td>IP_frag_off (sum)</td>
  </tr>
  <tr>
    <td>06 </td> <td>protocols (mean)</td>
  </tr>
  <tr>
    <td>07 </td> <td>TCP_length (mean)</td>
  </tr>
  <tr>
    <td>08 </td> <td>TCP_flags_ack (sum)</td>
  </tr>
  <tr>
    <td>09 </td> <td>TCP_flags_cwr (sum)</td>
  </tr>
  <tr>
    <td>10 </td> <td>TCP_flags_ecn (sum)</td>
  </tr>
  <tr>
    <td>11 </td> <td>TCP_flags_fin (sum)</td>
  </tr>
  <tr>
    <td>12 </td> <td>TCP_flags_push (sum)</td>
  </tr>
  <tr>
    <td>13 </td> <td>TCP_flags_res (sum)</td>
  </tr>
  <tr>
    <td>14 </td> <td>TCP_flags_reset (sum)</td>
  </tr>
  <tr>
    <td>15 </td> <td>TCP_flags_syn (sum)</td>
  </tr>
  <tr>
    <td>16 </td> <td>TCP_flags_urg (sum)</td>
  </tr>
  <tr>
    <td>17 </td> <td>TCP_window_size (mean)</td>
  </tr>
  <tr>
    <td>18 </td> <td>UDP_length (mean)</td>
  </tr>
  <tr>
    <td>19 </td> <td>ICMP_type (mean)</td>
  </tr>
  <tr>
    <td>20 </td> <td>Packets (counter)</td>
  </tr>
</table>

<table>
  <tr>
    <th colspan="2">Features for the CNN model (columns of the 100x20 array)</th>
  </tr>
  <tr>
    <th>Feature nr. </th> <th>Feature Name</th>
  </tr>
  <tr>
    <td>00 </td> <td>timestamp (IAT)</td>
  </tr>
  <tr>
    <td>01 </td> <td>packet_length (bytes)</td>
  </tr>
  <tr>
    <td>02 </td> <td>IP_flags_df (0/1)</td>
  </tr>
  <tr>
    <td>03 </td> <td>IP_flags_mf (0/1)</td>
  </tr>
  <tr>
    <td>04 </td> <td>IP_flags_rb (0/1)</td>
  </tr>
  <tr>
    <td>05 </td> <td>IP_frag_off (0/1)</td>
  </tr>
  <tr>
    <td>06 </td> <td>protocols (integer)</td>
  </tr>
  <tr>
    <td>07 </td> <td>TCP_length (bytes)</td>
  </tr>
  <tr>
    <td>08 </td> <td>TCP_flags_ack (0/1)</td>
  </tr>
  <tr>
    <td>09 </td> <td>TCP_flags_cwr (0/1)</td>
  </tr>
  <tr>
    <td>10 </td> <td>TCP_flags_ecn (0/1)</td>
  </tr>
  <tr>
    <td>11 </td> <td>TCP_flags_fin (0/1)</td>
  </tr>
  <tr>
    <td>12 </td> <td>TCP_flags_push (0/1)</td>
  </tr>
  <tr>
    <td>13 </td> <td>TCP_flags_res (0/1)</td>
  </tr>
  <tr>
    <td>14 </td> <td>TCP_flags_reset (0/1)</td>
  </tr>
  <tr>
    <td>15 </td> <td>TCP_flags_syn (0/1)</td>
  </tr>
  <tr>
    <td>16 </td> <td>TCP_flags_urg (0/1)</td>
  </tr>
  <tr>
    <td>17 </td> <td>TCP_window_size (bytes)</td>
  </tr>
  <tr>
    <td>18 </td> <td>UDP_length (bytes)</td>
  </tr>
  <tr>
    <td>19 </td> <td>ICMP_type (code)</td>
  </tr>
</table>

</div>

In [None]:
# Author: Roberto Doriguzzi-Corin
# Project: Course on Network Intrusion and Anomaly Detection with Machine Learning
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import time
import argparse
import pyshark
import numpy as np
import pprint
from scipy.stats import uniform, randint
import tensorflow as tf
import matplotlib.pyplot as plt
from keras.wrappers.scikit_learn import KerasClassifier
from sklearn.model_selection import RandomizedSearchCV
from tensorflow.keras.models import Sequential,load_model, save_model
from tensorflow.keras.callbacks import EarlyStopping
from tensorflow.keras.layers import Dense, Conv2D, GlobalMaxPooling2D, Flatten, Dropout
from sklearn.metrics import f1_score, accuracy_score, confusion_matrix
from tensorflow.keras.optimizers import Adam, SGD
from tensorflow.keras.utils import set_random_seed
from lucid_dataset_parser import *
from util_functions import *

# We need the following to get around “RuntimeError: This event loop is already running” when using Pyshark within Jupyter notebooks.
# Not needed in stand-alone Python projects
import nest_asyncio
nest_asyncio.apply()  

EPOCHS = 100
TEST_ITERATIONS=100

### SELECT THE MODEL_TYPE HERE ('MLP' or 'CNN') ###
MODEL_TYPE = 'MLP' 
###################################################

# disable GPUs for test reproducibility
tf.config.set_visible_devices([], 'GPU')

SEED = 0
np.random.seed(SEED)
set_random_seed(SEED)

# Argument parser
The following cell defines the arguments that are accepted by the NIDS. The arguments ```--train``` and ```--predict``` can be used to indicate the folder with the dataset. The script will loaf the ```hdf5``` files for training and testing respectively. The argument ```--predict_live``` can be used to perform predictions on live traffic captured from a network interface (e.g., ```eth0``` or ```lo```) or to make prediction using a pre-recorded traffic trace (e.g, ```ddos-chunk.pcap```). In both cases the argument is a string. In the first case, it is the name of the interface, in the second case, the path to the ```pcap``` file. The argument ```--model``` indicates the path to a trained model that will be used to make predictions (```--predict``` or ```predict_live```). 

In [None]:
parser = argparse.ArgumentParser(description="A DL-based NIDS for DDoS attack detection")
args = parser.parse_args(args=[])
parser.add_argument('-t', '--train', nargs='?', type=str,  default=None, help="Start the training process")
parser.add_argument('-p', '--predict', nargs='?', type=str,  default=None, help="Perform a prediction on pre-preprocessed data")
parser.add_argument('-pl', '--predict_live', nargs='?', type=str, default=None, help='Perform a prediction on live traffic or on a pre-recorded traffic trace in pcap format')
parser.add_argument('-m', '--model', type=str, default = None, help='File containing the model in h5 format')

args, unknown = parser.parse_known_args()
print("see all args:", args)

In [None]:
def report_results(Y_true, Y_pred, model_name, data_source, prediction_time):
    ddos_rate = '{:04.3f}'.format(sum(Y_pred) / Y_pred.shape[0])

    if Y_true is not None and len(Y_true.shape) > 0:  # if we have the labels, we can compute the classification accuracy
        Y_true = Y_true.reshape((Y_true.shape[0], 1))
        accuracy = accuracy_score(Y_true, Y_pred)

        f1 = f1_score(Y_true, Y_pred)
        tn, fp, fn, tp = confusion_matrix(Y_true, Y_pred, labels=[0, 1]).ravel()
        tnr = tn / (tn + fp)
        fpr = fp / (fp + tn)
        fnr = fn / (fn + tp)
        tpr = tp / (tp + fn)

        row = {'Model': model_name, 'Time': '{:04.3f}'.format(prediction_time),
               'Samples': Y_pred.shape[0], 'DDOS%': ddos_rate, 'Accuracy': '{:05.4f}'.format(accuracy), 'F1Score': '{:05.4f}'.format(f1),
               'TPR': '{:05.4f}'.format(tpr), 'FPR': '{:05.4f}'.format(fpr), 'TNR': '{:05.4f}'.format(tnr), 'FNR': '{:05.4f}'.format(fnr), 'Source': data_source}

    pprint.pprint(row, sort_dicts=False)

# Implement a Neural Network model
Finalise the CNN model by using all the four arguments of ```create_CNN_model```. You will use ALL these arguments to tune the model afterwards.

In [None]:
def create_MLP_model(optimizer=Adam, dense_layers=4, hidden_units=2, learning_rate = 0.001):
    model = Sequential(name  = "mlp")
    model.add(Dense(hidden_units, input_shape=(21,), activation='relu'))
    for layer in range(dense_layers):
        model.add(Dense(hidden_units, activation='relu', name='hidden-fc' + str(layer)))
    model.add(Dense(1, activation='sigmoid', name='output'))
    model.compile(optimizer=optimizer(learning_rate=learning_rate), loss='binary_crossentropy', metrics=['accuracy'])
    model.summary()
    return model

# Function to create the CNN model
def create_CNN_model(optimizer=Adam, filters = 100, kernel_size=(3,3), strides=(1,1), padding='same',learning_rate = 0.001,dropout_rate=0.1):
    model = Sequential(name  = "cnn")

    ### ADD YOUR CODE HERE ###

    ##########################
    model.summary()
    return model

# Prediction on static test set

In [None]:
def predict(dataset_path, model_path):
    if dataset_path is not None:
        X_test, y_test = load_dataset(dataset_path + "/*" + '-test.hdf5')

        if model_path == None or model_path.endswith('.h5') == False:
                print ("No valid model specified!")
                exit(-1)

        if model_path is not None:
            model = load_model(model_path)
        else:
            print ("Invalid model path: ", model_path) 
            return

        pt0 = time.time()
        for i in range(TEST_ITERATIONS):
            Y_pred = np.squeeze(model.predict(X_test, batch_size=16) > 0.5,axis=1)
        pt1 = time.time()
        prediction_time = pt1 - pt0

        report_results(np.squeeze(y_test), Y_pred,  model.name, '', prediction_time/TEST_ITERATIONS)

# Prediction on live traffic

In [None]:
def predict_live(source,model_path):
    if source is not None:
        if source.endswith('.pcap'):
            pcap_file = source
            cap = pyshark.FileCapture(pcap_file)
            data_source = pcap_file.split('/')[-1].strip()
        else:
            cap =  pyshark.LiveCapture(interface=source)
            data_source = args.predict_live

        print ("Prediction on network traffic from: ", source)

        if model_path is not None:
            model = load_model(model_path)
        else:
            print ("Invalid model path: ", model_path) 
            return

        # load the labels, if available
        labels = parse_labels('DOS2019')

        if MODEL_TYPE == 'MLP':
            MAX_FLOW_LEN=1000
            mins, maxs = static_min_max(flatten=True,time_window=10,max_flow_len=MAX_FLOW_LEN)
        else:
            MAX_FLOW_LEN=10
            mins, maxs = static_min_max(flatten=False,time_window=10,max_flow_len=MAX_FLOW_LEN)

        while (True):
            samples = process_live_traffic(cap, 'DOS2019', labels, max_flow_len=MAX_FLOW_LEN, traffic_type="all",time_window=10)
            if len(samples) > 0:
                X,Y_true,flow_ids = dataset_to_list_of_fragments(samples)
                if MODEL_TYPE == 'MLP':
                    X = flatten_samples(X)
                    X = np.array(normalize(X, mins, maxs))
                else:
                    X = np.array(normalize_and_padding(X, mins, maxs, MAX_FLOW_LEN))
                if labels is not None:
                    Y_true = np.array(Y_true)
                else:
                    Y_true = None
                
                pt0 = time.time()
                Y_pred = np.squeeze(model.predict(X, batch_size=2048) > 0.5,axis=1)
                pt1 = time.time()
                prediction_time = pt1 - pt0

                report_results(np.squeeze(Y_true), Y_pred,  MODEL_TYPE, '', prediction_time)

# Hyper-parameter tuning
Define the list of hyperparameters, along with their search ranges and distributions, for the CNN model.

In [None]:
def train(dataset_path, model_path):

    if dataset_path is not None:
        X_train, y_train = load_dataset(dataset_path + "/*" + '-train.hdf5')
        X_val, y_val = load_dataset(dataset_path + "/*" + '-val.hdf5')

        param_mlp_dist = {
            'learning_rate' : uniform(0.0001, 0.001),
            'optimizer' : [SGD,Adam],
            'dense_layers' : randint(1,8),
            'hidden_units': randint(16,32)
        }

        param_cnn_dist = {
            ### ADD YOUR CODE HERE ###

            ##########################
        }

        if MODEL_TYPE == 'MLP':
            param_dist = param_mlp_dist
            create_model = create_MLP_model
        else:
            param_dist = param_cnn_dist
            create_model = create_CNN_model

        model = KerasClassifier(build_fn=create_model, batch_size=100, verbose=1)

        random_search = RandomizedSearchCV(estimator=model, param_distributions=param_dist, n_iter=5, cv=2, random_state=SEED)
        early_stopping = EarlyStopping(monitor='val_loss', mode='min', verbose=1, patience=10, restore_best_weights=True)
        random_search_result = random_search.fit(X_train, y_train,epochs=100, validation_data=(X_val, y_val), callbacks=[early_stopping])

        # Print the best parameters and corresponding accuracy
        print("Best parameters found: ", random_search_result.best_params_)
        print("Best cross-validated accuracy: {:.2f}".format(random_search_result.best_score_))

        # Save the best model
        best_model = random_search.best_estimator_.model
        if model_path is not None:
            save_model(best_model,model_path)
        else:
            print ("Invalid model path: ", model_path)
            print ("Model saved as: ./" + MODEL_TYPE + '_model.h5')
            save_model(best_model, './'+ MODEL_TYPE + '_model.h5')

# Train your model
Train the model by calling the ```train``` method with static dataset path, which depends on the ```MODEL_TYPE``` variable, as the shape of the input layer of the two models is different (vector for the MLP, array for the CNN).

If you wish to export the notebook as a stand-alone Python script, replace the two arguments with ```args.train``` and ```args.model``` (see the lab on NIDS deployment for more info).

In [None]:
# Train the model
train('./DOS2019_Binary_5_Attacks_'+ MODEL_TYPE, './' + MODEL_TYPE + '_model.h5')

# Make predictions on the test set
In the following cell, you can make prediction with test traffic samples obtained from unperturbed traffic traces. This test will give you a performance baseline for your model.

Also in this case, the dataset path depends on the ```MODEL_TYPE``` variable, as the shape of the input layer of the two models is different (vector for the MLP, array for the CNN).

If you wish to export the notebook as a stand-alone Python script, replace the two arguments with ```args.predict``` and ```args.model``` (see the lab on NIDS deployment for more info).

In [None]:
# Predictions on the test set
predict('./DOS2019_Binary_5_Attacks_' + MODEL_TYPE, './' + MODEL_TYPE + '_model.h5')

# Make predictions using a pcap file
In the following cell, you can test the NIDS using traces of network traffic. 
Start with unperturbed traffic (i.e., running the code below), then use perturbed traffic traces to evaluate the robustness of the NN model to evasion AML attacks.

Available perturbed traffic traces are:
- IAT set to 0.5 seconds [ddos-chunk-short-IAT0.5.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-IAT0.5.pcap5.pcap)
- Random packet length [ddos-chunk-short-PACKETLEN.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-PACKETLEN.pcap)
- Random TCP Window size [ddos-chunk-short-WINSIZE.pcap](./DOS2019_Binary_5_Attacks_PCAPs/ddos-chunk-short-WINSIZE.pcap)

**NOTE**: the important metric here is the FNR, which is the percentage of malicious samples that evades the NIDS.

If you wish to export the notebook as a stand-alone Python script, replace the two arguments with ```args.predict_live``` and ```args.model``` (see the lab on NIDS deployment for more info).


In [None]:
# Predictions on a pcap file

### CHANGE THE PCAP PATH HERE ###
predict_live('./DOS2019_Binary_5_Attacks_Pcaps/ddos-chunk-short.pcap','./' + MODEL_TYPE + '_model.h5')
##########################