Evasion Adversarial Attacks Remain Impractical Against ML-based Network Intrusion Detection Systems, Especially Dynamic Ones
arXiv:2306.05494v5 Announce Type: replace-cross Abstract: Machine Learning (ML) has become pervasive, and its deployment in Network Intrusion Detection Systems (NIDS) is inevitable due to its automated nature and high accuracy compared to traditional models in processing and classifying large volumes of data. However, ML has been found to have several flaws, most importantly, adversarial attacks, which aim to trick ML models into producing faulty predictions. While most adversarial attack research focuses on computer vision datasets, recent studies have explored the suitability of these attack — Mohamed elShehaby, Ashraf Matrawy
View PDF HTML (experimental)
Abstract:Machine Learning (ML) has become pervasive, and its deployment in Network Intrusion Detection Systems (NIDS) is inevitable due to its automated nature and high accuracy compared to traditional models in processing and classifying large volumes of data. However, ML has been found to have several flaws, most importantly, adversarial attacks, which aim to trick ML models into producing faulty predictions. While most adversarial attack research focuses on computer vision datasets, recent studies have explored the suitability of these attacks against ML-based network security entities, especially NIDS, due to the wide difference between different domains regarding the generation of adversarial attacks. To further explore the practicality of adversarial attacks against ML-based NIDS in-depth, this paper presents several key contributions: identifying numerous practicality issues for evasion adversarial attacks on ML-NIDS using an attack tree threat model, introducing a taxonomy of practicality issues associated with adversarial attacks against ML-based NIDS, identifying specific leaf nodes in our attack tree that demonstrate some practicality for real-world implementation and conducting a comprehensive review and exploration of these potentially viable attack approaches, and investigating how the dynamicity of real-world ML models affects evasion adversarial attacks against NIDS. Our experiments indicate that continuous re-training, even without adversarial training, can reduce the effectiveness of adversarial attacks. While adversarial attacks can compromise ML-based NIDSs, our aim is to highlight the significant gap between research and real-world practicality in this domain, which warrants attention.
Subjects:
Cryptography and Security (cs.CR); Machine Learning (cs.LG); Networking and Internet Architecture (cs.NI)
Cite as: arXiv:2306.05494 [cs.CR]
(or arXiv:2306.05494v5 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2306.05494
arXiv-issued DOI via DataCite
Submission history
From: Mohamed ElShehaby [view email] [v1] Thu, 8 Jun 2023 18:32:08 UTC (1,921 KB) [v2] Wed, 3 Apr 2024 21:55:46 UTC (10,149 KB) [v3] Wed, 22 Jan 2025 19:11:12 UTC (10,149 KB) [v4] Thu, 16 Oct 2025 00:43:56 UTC (1,410 KB) [v5] Sun, 29 Mar 2026 18:14:21 UTC (1,368 KB)
Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
researchpaperarxiv
Know3D lets users control the hidden back side of 3D objects with text prompts
A research team taps into the world knowledge of large language models to control what appears on the back side of 3D objects using simple text commands. The approach tackles one of the biggest blind spots in single-image 3D generation. The article Know3D lets users control the hidden back side of 3D objects with text prompts appeared first on The Decoder .
Anthropic discovers "functional emotions" in Claude that influence its behavior
Anthropic's research team has discovered emotion-like representations in Claude Sonnet 4.5 that can drive the model to blackmail and code fraud under pressure. The article Anthropic discovers "functional emotions" in Claude that influence its behavior appeared first on The Decoder .
Looking for arXiv endorsement (cs.LG) – RL fine-tuning for VLMs (GRPO, MathVista)
Hi everyone, I am seeking an arXiv endorsement for cs.LG (Machine Learning) to submit my first paper on RL fine-tuning for vision-language models. Background: MS in AI (Purdue), working on RL + VLM training systems. Paper: A Case Study of Staged Metric-Gated GRPO for Visual Numeric Reasoning PDF: https://github.com/kgaero/RL_GSPO_Qwen2.5VLM/blob/main/paper/staged_metric_gated_grpo.pdf Short summary: Staged RL fine-tuning pipeline for VLMs (GRPO-based) Curriculum over MathVista subsets Metric-gated reward adaptation (structure → correctness) Checkpoint-aware continuation via alias-based selection Main result: Exact-match improves 0.375 → 0.75 with stable structure under constrained compute. If you’re eligible to endorse (cs.LG or related), I’d greatly appreciate it. Happy to share endorseme
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Research Papers
Multi-fidelity approaches for general constrained Bayesian optimization with application to aircraft design
Aircraft design relies heavily on solving challenging and computationally expensive Multidisciplinary Design Optimization problems. In this context, there has been growing interest in multi-fidelity models for Bayesian optimization to improve the MDO process by balancing computational cost and accuracy through the combination of high- and low-fidelity simulation models, enabling efficient exploration of the design process at a minimal computational effort. In the existing literature, fidelity selection focuses only on the objective function to decide how to integrate multiple fidelity levels, — Oihan Cordelier, Youssef Diouane, Nathalie Bartoli
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!