Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

TL;DR

This paper models realistic adversarial attacks on network intrusion detection systems, emphasizing practical threat scenarios to improve cybersecurity defenses and guide future research.

Contribution

It introduces a realistic threat model for adversarial attacks on ML-based network intrusion detection systems, addressing gaps in prior assumptions.

Findings

Existing literature's threat models are often unrealistic for cybersecurity.

The proposed model highlights feasible attack capabilities and limitations.

Insights can inform more effective defense strategies.

Abstract

The incremental diffusion of machine learning algorithms in supporting cybersecurity is creating novel defensive opportunities but also new types of risks. Multiple researches have shown that machine learning methods are vulnerable to adversarial attacks that create tiny perturbations aimed at decreasing the effectiveness of detecting threats. We observe that existing literature assumes threat models that are inappropriate for realistic cybersecurity scenarios because they consider opponents with complete knowledge about the cyber detector or that can freely interact with the target systems. By focusing on Network Intrusion Detection Systems based on machine learning, we identify and model the real capabilities and circumstances required by attackers to carry out feasible and successful adversarial attacks. We then apply our model to several adversarial attacks proposed in literature and highlight the limits and merits that can result in actual adversarial attacks. The contributions of this paper can help hardening defensive systems by letting cyber defenders address the most critical and real issues, and can benefit researchers by allowing them to devise novel forms of adversarial attacks based on realistic threat models.