Vulnerability Disclosure through Adaptive Black-Box Adversarial Attacks on NIDS

TL;DR

This paper introduces a novel black-box adversarial attack method on network intrusion detection systems that uses adaptive feature selection to evade detection with minimal interaction, improving real-world applicability.

Contribution

It proposes a new adaptive attack approach that respects black-box constraints and employs change-point detection and causality analysis for effective feature targeting.

Findings

Effective evasion of detection with minimal interactions

Low computational cost and high deployability

Enhanced understanding of adversarial attacks in network traffic

Abstract

Adversarial attacks, wherein slight inputs are carefully crafted to mislead intelligent models, have attracted increasing attention. However, a critical gap persists between theoretical advancements and practical application, particularly in structured data like network traffic, where interdependent features complicate effective adversarial manipulations. Moreover, ambiguity in current approaches restricts reproducibility and limits progress in this field. Hence, existing defenses often fail to handle evolving adversarial attacks. This paper proposes a novel approach for black-box adversarial attacks, that addresses these limitations. Unlike prior work, which often assumes system access or relies on repeated probing, our method strictly respect black-box constraints, reducing interaction to avoid detection and better reflect real-world scenarios. We present an adaptive feature selection strategy using change-point detection and causality analysis to identify and target sensitive features to perturbations. This lightweight design ensures low computational cost and high deployability. Our comprehensive experiments show the attack's effectiveness in evading detection with minimal interaction, enhancing its adaptability and applicability in real-world scenarios. By advancing the understanding of adversarial attacks in network traffic, this work lays a foundation for developing robust defenses.