Towards oblivious network analysis using generative adversarial networks

Abstract

Modern systems across diverse application domains (e.g., IoT, automotive) have many black-box devices whose internal structures and/or protocol formats are unknown. We currently lack the tools to systematically understand the behavior and learn the security weaknesses of these black-box devices. Such tools could enable many use cases, such as: 1) identifying input packets that lead to network attacks; and 2) inferring the format of unknown protocols. Our goal is to enable oblivious network analysis which can perform the aforementioned tasks for black-box devices. In this work, we explore the use of a recent machine learning tool called generative adversarial networks (GANs) [16] to enable this vision. Unlike other competing approaches, GANs can work in a truly black-box setting and can infer complex dependencies between protocol fields with little to no supervision. We leverage GANs to show the preliminary use cases of our approaches using two case studies: 1) generating synthetic protocol messages given only samples of messages; and 2) generating attack inputs for a black-box system. While there are still many open challenges, our results suggest the early promise of GANs to enable "oblivious" analysis of networked elements.