CPAD: Constraint-Projected Adversarial Attack for Dependable Network Intrusion Detection / Ntako Koungni, Michael Kevin; Siracusa, Domenico; Doriguzzi-Corin, Roberto. - (2025). (2025 3rd International Conference on Foundation and Large Language Models (FLLM), Vienna, 25–28 November 2025).
CPAD: Constraint-Projected Adversarial Attack for Dependable Network Intrusion Detection
Michael Kevin Ntako Koungni; Domenico Siracusa; Roberto Doriguzzi-Corin
2025-01-01
Abstract
Machine-learning Network Intrusion Detection Systems (NIDSs) are increasingly used to detect network attacks, but they remain vulnerable to Adversarial Machine Learning (AML) attacks that subtly perturb traffic to cause misclassification. Understanding and testing these attacks is essential for deploying reliable NIDS in real networks. However, existing AML attack generators, often developed for other application domains, frequently violate network constraints or alter the malicious functionality of traffic, limiting their usefulness for realistic evaluation. To address these limitations, we propose Constraint-Projected Adversarial Attack (CPAD), a method that preserves both validity and maliciousness while inducing evasion. The main goal of CPAD is to allow cybersecurity analysts and practitioners to assess the robustness of their NIDSs against adversarially perturbed network attacks. CPAD partitions features into perturbable and non-perturbable sets, iteratively targets the most influential features, and projects perturbations back into the allowable distribution and constraint space so samples remain realistic and functional. Evaluated on Brute Force, DDoS, DoS, and Bot attacks using a deep model, CPAD produces realistic adversarial samples that retain attack characteristics and successfully evade detection, enabling more faithful robustness assessment of NIDSs.



