SoK: Realistic Adversarial Attacks and Defenses for Intelligent Network Intrusion Detection
It tackles the challenge of making adversarial machine learning practical and effective for network security, though it is incremental as it consolidates existing knowledge rather than introducing new methods.
This paper addresses the problem of adversarial attacks on machine learning models for network intrusion detection, which often produce unrealistic examples due to domain-specific constraints, by systematizing state-of-the-art approaches that generate realistic adversarial examples and providing guidelines for future research.
Machine Learning (ML) can be incredibly valuable to automate anomaly detection and cyber-attack classification, improving the way that Network Intrusion Detection (NID) is performed. However, despite the benefits of ML models, they are highly susceptible to adversarial cyber-attack examples specifically crafted to exploit them. A wide range of adversarial attacks have been created and researchers have worked on various defense strategies to safeguard ML models, but most were not intended for the specific constraints of a communication network and its communication protocols, so they may lead to unrealistic examples in the NID domain. This Systematization of Knowledge (SoK) consolidates and summarizes the state-of-the-art adversarial learning approaches that can generate realistic examples and could be used in real ML development and deployment scenarios with real network traffic flows. This SoK also describes the open challenges regarding the use of adversarial ML in the NID domain, defines the fundamental properties that are required for an adversarial example to be realistic, and provides guidelines for researchers to ensure that their future experiments are adequate for a real communication network.