Abstract:Recent advancements in artificial intelligence (AI) and machine learning (ML) algorithms, coupled with the availability of faster computing infrastructure, have enhanced the security posture of cybersecurity operations centers (defenders) through the development of ML-aided network intrusion detection systems (NIDS). Concurrently, the abilities of adversaries to evade security have also increased with the support of AI/ML models. Therefore, defenders need to proactively prepare for evasion attacks that exploit the detection mechanisms of NIDS. Recent studies have found that the perturbation of flow-based and packet-based features can deceive ML models, but these approaches have limitations. Perturbations made to the flow-based features are difficult to reverse-engineer, while samples generated with perturbations to the packet-based features are not playable. Our methodological framework, Deep PackGen, employs deep reinforcement learning to generate adversarial packets and aims to overcome the limitations of approaches in the literature. By taking raw malicious network packets as inputs and systematically making perturbations on them, Deep PackGen camouflages them as benign packets while still maintaining their functionality. In our experiments, using publicly available data, Deep PackGen achieved an average adversarial success rate of 66.4\% against various ML models and across different attack types. Our investigation also revealed that more than 45\% of the successful adversarial samples were out-of-distribution packets that evaded the decision boundaries of the classifiers. The knowledge gained from our study on the adversary's ability to make specific evasive perturbations to different types of malicious packets can help defenders enhance the robustness of their NIDS against evolving adversarial attacks.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is: how to use deep reinforcement learning to generate adversarial network packets that can bypass machine - learning - based network intrusion detection systems (NIDS), while maintaining the functionality of these packets. Specifically, in view of the limitations of existing methods in generating adversarial samples, the paper proposes a new framework - Deep PackGen, aiming to overcome the following problems: 1. **Limitations of existing methods**: - **Flow - level feature perturbation is difficult to reverse - engineer**: Methods that perturb flow - level features are difficult to reverse - engineer from the flow level to the actual packet construction. - **Packet - level feature perturbation is not feasible**: Adversarial samples generated by perturbing packet - level features cannot be actually used in network communications. - **The correlation between packet - level features is not considered**: Existing packet - level perturbation methods do not consider the correlation between packet - level features, which may lead to the generated adversarial samples being invalid. - **Perturbation of two - way communication is unrealistic**: Existing methods simultaneously perturb packets in two - way communication, while in fact an attacker can only control the forward packets from the host to the destination. 2. **The proposed new framework Deep PackGen**: - **Only perturb forward packets**: Deep PackGen only perturbs the forward packets sent from the host to the destination, ensuring the practical feasibility of the attack. - **Maintain packet functionality**: The generated adversarial samples can not only bypass NIDS, but also maintain the functionality of the original packets. - **Consider the side effects of perturbation**: Considering the correlation between packet - level features, ensure that the generated adversarial samples will not become invalid due to perturbation. - **Improve the generalization ability of adversarial samples**: Through deep reinforcement learning, make the generated adversarial samples able to bypass unknown classifiers and have a certain generalization ability. 3. **Specific objectives**: - **Generate effective adversarial samples**: Through deep reinforcement learning, train an agent to generate adversarial network packets that can bypass ML - based NIDS. - **Evaluate the effectiveness of adversarial samples**: Test whether the generated adversarial samples can successfully bypass detection under different ML models and attack types. - **Provide actionable adversarial samples**: Ensure that the generated adversarial samples can be used in the actual network environment, for example, verify their feasibility through the Wireshark application. In summary, the main objective of this paper is to develop a deep - reinforcement - learning - based framework for generating adversarial network packets that can both bypass ML - based NIDS and maintain functionality, thereby helping network security researchers better understand and defend against this new type of attack method.

Deep PackGen: A Deep Reinforcement Learning Framework for Adversarial Network Packet Generation

Black-Box Adversarial Attacks Against Deep Learning Based Malware Binaries Detection with GAN

Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems

Packet-Level Adversarial Network Traffic Crafting using Sequence Generative Adversarial Networks

ProGen: Projection-Based Adversarial Attack Generation Against Network Intrusion Detection

PGN: A perturbation generation network against deep reinforcement learning

Untargeted White-box Adversarial Attack with Heuristic Defence Methods in Real-time Deep Learning based Network Intrusion Detection System

Stealthy Adversarial Attacks on Intrusion Detection Systems: A Functionality-Preserving Approach

Sneaking Through Security: Mutating Live Network Traffic to Evade Learning-Based NIDS

Evading Machine Learning Botnet Detection Models via Deep Reinforcement Learning

IDSGAN: Generative Adversarial Networks for Attack Generation Against Intrusion Detection

A Novel Deep Learning based Model to Defend Network Intrusion Detection System against Adversarial Attacks

Packet-Level and Flow-Level Network Intrusion Detection Based on Reinforcement Learning and Adversarial Training

Adversarial Attacks Against Network Intrusion Detection in IoT Systems

Deep Reinforcement Learning based Evasion Generative Adversarial Network for Botnet Detection

Evaluating and Improving Adversarial Robustness of Machine Learning-Based Network Intrusion Detectors

Generative adversarial attacks against intrusion detection systems using active learning

SynGAN: Towards Generating Synthetic Network Attacks using GANs

GPMT: Generating Practical Malicious Traffic Based on Adversarial Attacks with Little Prior Knowledge

An Enhanced AI-Based Network Intrusion Detection System Using Generative Adversarial Networks

Adversarial machine learning in Network Intrusion Detection Systems