pith. sign in

arxiv: 2005.07519 · v4 · pith:Q2L6KKNInew · submitted 2020-05-15 · 💻 cs.CR · cs.LG· cs.NI

Evaluating and Improving Adversarial Robustness of Machine Learning-Based Network Intrusion Detectors

classification 💻 cs.CR cs.LGcs.NI
keywords attacksrobustnessadversarialnidssproposedattackevaluateml-based
0
0 comments X
read the original abstract

Machine learning (ML), especially deep learning (DL) techniques have been increasingly used in anomaly-based network intrusion detection systems (NIDS). However, ML/DL has shown to be extremely vulnerable to adversarial attacks, especially in such security-sensitive systems. Many adversarial attacks have been proposed to evaluate the robustness of ML-based NIDSs. Unfortunately, existing attacks mostly focused on feature-space and/or white-box attacks, which make impractical assumptions in real-world scenarios, leaving the study on practical gray/black-box attacks largely unexplored. To bridge this gap, we conduct the first systematic study of the gray/black-box traffic-space adversarial attacks to evaluate the robustness of ML-based NIDSs. Our work outperforms previous ones in the following aspects: (i) practical-the proposed attack can automatically mutate original traffic with extremely limited knowledge and affordable overhead while preserving its functionality; (ii) generic-the proposed attack is effective for evaluating the robustness of various NIDSs using diverse ML/DL models and non-payload-based features; (iii) explainable-we propose an explanation method for the fragile robustness of ML-based NIDSs. Based on this, we also propose a defense scheme against adversarial attacks to improve system robustness. We extensively evaluate the robustness of various NIDSs using diverse feature sets and ML/DL models. Experimental results show our attack is effective (e.g., >97% evasion rate in half cases for Kitsune, a state-of-the-art NIDS) with affordable execution cost and the proposed defense method can effectively mitigate such attacks (evasion rate is reduced by >50% in most cases).

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Detecting Adversarial Evasion Attacks Against Autoencoder-Based Network Intrusion Detection Systems

    cs.CR 2026-07 unverdicted novelty 7.0

    Two detectors achieve near-perfect accuracy detecting PANDA-style adversarial attacks on autoencoder NIDS using image-space error localization and packet-feature consistency checks on IoT traffic.