SoK: Realistic Adversarial Attacks and Defenses for Intelligent Network Intrusion Detection

TL;DR

This paper systematically reviews realistic adversarial attacks and defenses in network intrusion detection, emphasizing the importance of practical constraints and realistic examples for effective ML security in communication networks.

Contribution

It consolidates state-of-the-art adversarial learning approaches tailored for realistic network scenarios and provides guidelines for future research in this domain.

Findings

Most adversarial attacks are unrealistic for network protocols

Existing defenses often do not consider communication constraints

Guidelines for generating realistic adversarial examples are proposed

Abstract

Machine Learning (ML) can be incredibly valuable to automate anomaly detection and cyber-attack classification, improving the way that Network Intrusion Detection (NID) is performed. However, despite the benefits of ML models, they are highly susceptible to adversarial cyber-attack examples specifically crafted to exploit them. A wide range of adversarial attacks have been created and researchers have worked on various defense strategies to safeguard ML models, but most were not intended for the specific constraints of a communication network and its communication protocols, so they may lead to unrealistic examples in the NID domain. This Systematization of Knowledge (SoK) consolidates and summarizes the state-of-the-art adversarial learning approaches that can generate realistic examples and could be used in real ML development and deployment scenarios with real network traffic flows. This SoK also describes the open challenges regarding the use of adversarial ML in the NID domain, defines the fundamental properties that are required for an adversarial example to be realistic, and provides guidelines for researchers to ensure that their future experiments are adequate for a real communication network.