Adversarial examples are inputs to a machine learning system intentionally crafted by an attacker to fool the model into producing an incorrect output. These examples have achieved a great deal of success in several domains such as image recognition, speech recognition and spam detection. In this paper, we study the nature of the adversarial problem in Network Intrusion Detection Systems (NIDS). We focus on the attack perspective, which includes techniques to generate adversarial examples capable of evading a variety of machine learning models. More specifically, we explore the use of evolutionary computation (particle swarm optimization and genetic algorithm) and deep learning (generative adversarial networks) as tools for adversarial example generation. To assess the performance of these algorithms in evading a NIDS, we apply them to two publicly available data sets, namely the NSL-KDD and UNSW-NB15, and we contrast them to a baseline perturbation method: Monte Carlo simulation. The results show that our adversarial example generation techniques cause high misclassification rates in eleven different machine learning models, along with a voting classifier. Our work highlights the vulnerability of machine learning based NIDS in the face of adversarial perturbation.

本文探讨了在网络入侵检测系统中对抗性问题的本质，从攻击者角度出发，研究利用进化计算和深度学习生成对抗样本的方法，并应用于公共数据集，与基线方法做对比，结果表明，这些生成对抗样本会导致11个不同的机器学习模型及投票分类器高误分类率，突出了机器学习检测系统在面临对抗性样本时的脆弱性。

网络入侵检测系统中的对抗性机器学习