Defending OC-SVM based IDS from poisoning attacks

Open Access
Authors
Publication date 2022
Book title The 5th IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022)
Book subtitle & SECSOC-2022 Workshop, PASS4IoT-2022 Workshop, SICSA International Paper/Poster Competition in Cybersecurity : 22nd-24th June 2022, Merchiston campus - Edinburgh Napier University (ENU), Edinburgh, Scotland
ISBN
  • 9781665421423
ISBN (electronic)
  • 9781665421416
Event 5th IEEE Conference on Dependable and Secure Computing, DSC 2022
Pages (from-to) 289-296
Publisher Piscataway, NJ: IEEE
Organisations
  • Faculty of Science (FNWI) - Informatics Institute (IVI)
Abstract

Machine learning techniques are widely used to detect intrusions in the cyber security field. However, most machine learning models are vulnerable to poisoning attacks, in which malicious samples are injected into the training dataset to manipulate the classifier's performance. In this paper, we first evaluate the accuracy degradation of OC-SVM classifiers with 3 different poisoning strategies with the ADLA-FD public dataset and a real world dataset. Secondly, we propose a sanitization mechanism based on the DBSCAN clustering algorithm. In addition, we investigate the influences of different distance metrics and different dimensionality reduction techniques and evaluate the sensitivity of the DBSCAN parameters. The experimental results show that the poisoning attacks can degrade the performance of the OC-SVM classifier to a large degree, with an accuracy equal to 0.5 in most settings. The proposed sanitization method can filter out poisoned samples effectively for both datasets. The accuracy after sanitization is very close to or even higher than the original value.

Document type Conference contribution
Language English
Published at https://doi.org/10.1109/DSC54232.2022.9888908
Other links https://www.proceedings.com/65646.html https://www.scopus.com/pages/publications/85141088784