Exploring transferable adversarial attacks for Deep Learning-based Network Intrusion Detection

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2025-06-30 DOI:10.1016/j.jnca.2025.104255

Zhongshu Mao , Yiqin Lu , Zhe Cheng , Kaiqiong Chen

{"title":"Exploring transferable adversarial attacks for Deep Learning-based Network Intrusion Detection","authors":"Zhongshu Mao , Yiqin Lu , Zhe Cheng , Kaiqiong Chen","doi":"10.1016/j.jnca.2025.104255","DOIUrl":null,"url":null,"abstract":"<div><div>Network Intrusion Detection Systems (NIDSs) increasingly use Deep Learning (DL) techniques due to their superior performance. However, some studies have shown that attackers can bypass DL-based NIDSs by generating Adversarial Attack Traffic (AAT). To better understand the vulnerabilities of DL-based NIDS, more and more adversarial attacks have been proposed. We observed three problems while studying these attacks: (1) Some attacks need to query the target model to construct AAT or surrogate models, which is not stealthy enough; (2) The generated AAT is impractical due to the lack of constraints when modifying features; and (3) The attack methods are limited in their extensibility. We propose a framework called SPTS to address these problems. SPTS runs in the black-box scenario without access to the target model. To generate the practical AAT, SPTS incorporates feature hierarchization and rectification. The correlations and constraints between features are established by mathematics. In addition, we implement a variety of adversarial attack algorithms within the SPTS framework, illustrating its excellent scalability. The AAT is mapped to practical packets to evaluate its transferability. Furthermore, we discover that enhancing the diversity of gradients can further improve the transferability of AAT. We propose a DGM algorithm based on SPTS, which randomly transforms the inputs to produce more robust gradients. Empirical evaluations on the standard dataset demonstrate the effectiveness and superiority of our SPTS and DGM. Defense methods to mitigate SPTS and DGM are also provided, and their advantages and disadvantages are described based on experimental results. Code is available at <span><span>https://github.com/maozhongshu1995/TransAdvAttForNIDS</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104255"},"PeriodicalIF":7.7000,"publicationDate":"2025-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804525001523","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Network Intrusion Detection Systems (NIDSs) increasingly use Deep Learning (DL) techniques due to their superior performance. However, some studies have shown that attackers can bypass DL-based NIDSs by generating Adversarial Attack Traffic (AAT). To better understand the vulnerabilities of DL-based NIDS, more and more adversarial attacks have been proposed. We observed three problems while studying these attacks: (1) Some attacks need to query the target model to construct AAT or surrogate models, which is not stealthy enough; (2) The generated AAT is impractical due to the lack of constraints when modifying features; and (3) The attack methods are limited in their extensibility. We propose a framework called SPTS to address these problems. SPTS runs in the black-box scenario without access to the target model. To generate the practical AAT, SPTS incorporates feature hierarchization and rectification. The correlations and constraints between features are established by mathematics. In addition, we implement a variety of adversarial attack algorithms within the SPTS framework, illustrating its excellent scalability. The AAT is mapped to practical packets to evaluate its transferability. Furthermore, we discover that enhancing the diversity of gradients can further improve the transferability of AAT. We propose a DGM algorithm based on SPTS, which randomly transforms the inputs to produce more robust gradients. Empirical evaluations on the standard dataset demonstrate the effectiveness and superiority of our SPTS and DGM. Defense methods to mitigate SPTS and DGM are also provided, and their advantages and disadvantages are described based on experimental results. Code is available at https://github.com/maozhongshu1995/TransAdvAttForNIDS.

查看原文本刊更多论文

探索基于深度学习的网络入侵检测的可转移对抗性攻击

网络入侵检测系统（nids）由于其优越的性能越来越多地使用深度学习（DL）技术。然而，一些研究表明，攻击者可以通过生成对抗性攻击流量（AAT）来绕过基于dl的nids。为了更好地理解基于dll的NIDS的漏洞，越来越多的对抗性攻击被提出。在研究这些攻击时，我们发现了三个问题：(1)一些攻击需要查询目标模型来构建AAT或代理模型，这种方法的隐蔽性不够；(2)由于修改特征时缺乏约束，生成的AAT不切实际；(3)攻击方法的可扩展性有限。我们提出了一个名为SPTS的框架来解决这些问题。SPTS在不访问目标模型的黑箱场景中运行。为了生成实用的AAT， SPTS结合了特征分层和校正。特征之间的关联和约束由数学建立。此外，我们在SPTS框架内实现了各种对抗性攻击算法，说明了其良好的可扩展性。将AAT映射到实际数据包中，以评估其可传输性。此外，我们发现增加梯度的多样性可以进一步提高AAT的可转移性。我们提出了一种基于SPTS的DGM算法，该算法随机变换输入以产生更鲁棒的梯度。在标准数据集上的实证评估表明了我们的SPTS和DGM的有效性和优越性。提出了针对SPTS和DGM的防御方法，并根据实验结果分析了它们的优缺点。代码可从https://github.com/maozhongshu1995/TransAdvAttForNIDS获得。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.