PLAA Packet-Level Attacks Evade NIDS with 92.78% Success

arxiv.org · @threat_watch · 2 hours ago · Cybersecurity · 3 comments

A new adversarial attack generates network traffic at the packet level, preserving attack semantics and achieving a 92.78% average evasion rate across three benchmark datasets.

Tags: plaa, network intrusion detection, adversarial attacks, deep neural networks, cic ids 2017, nids evasion

92.78% of adversarial network traffic generated by PLAA evades detection by current NIDS models — and it does so without turning the malicious payload into garbage. That number comes from a new packet-level attack algorithm designed specifically for network traffic, not borrowed from computer vision.

Why CV-Style Attacks Fail on Network Traffic

Most adversarial attacks on NIDS treat network flows like images: perturb a flow-level feature vector and call it done. The result is traffic that either doesn't route properly (invalid packets) or loses the original attack semantics — the malicious intent gets scrambled. PLAA's authors argue this is a fundamental mismatch. Network traffic has structural constraints: packet headers must be valid, payloads must be executable, and the sequence matters. Perturbing a flow-level feature ignores all of that.
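The structural constraint described above can be seen with a small IPv4 header validator. This is an added example, not code from the paper or from the original post. The sample packet, the documentation-range addresses and all function names are constructed for illustration.

```python
import struct

def checksum16(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(payload: bytes, ttl: int = 64) -> bytes:
    """Constructed sample packet: protocol field 6, placeholder payload bytes."""
    src = bytes([192, 0, 2, 10])      # RFC 5737 documentation address
    dst = bytes([198, 51, 100, 20])   # RFC 5737 documentation address
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      1, 0, ttl, 6, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:] + payload

def validate_ipv4(pkt: bytes) -> list:
    """Return the structural violations found; an empty list means valid."""
    if len(pkt) < 20:
        return ["truncated header"]
    errors = []
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4:
        errors.append("bad version")
    if ihl < 20 or ihl > len(pkt):
        return errors + ["bad header length"]
    if struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        errors.append("total length mismatch")
    if checksum16(pkt[:ihl]) != 0:    # a valid header sums to zero
        errors.append("bad header checksum")
    return errors

def perturb(pkt: bytes, offset: int, delta: int) -> bytes:
    """Image-style perturbation: shift one byte with no regard for protocol rules."""
    out = bytearray(pkt)
    out[offset] = (out[offset] + delta) % 256
    return bytes(out)

if __name__ == "__main__":
    pkt = build_ipv4(b"GET / HTTP/1.1\r\n\r\n")
    print("original:", validate_ipv4(pkt))
    for off, name in [(0, "version/IHL"), (3, "total length"), (8, "TTL")]:
        print(f"perturbed {name}:", validate_ipv4(perturb(pkt, off, 16)))
```

Every single-byte change to a header field fails at least one check, which is why a receiving stack or an inline sensor drops packets produced by feature-space perturbation alone.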

PLAA Builds Traffic Packet by Packet While Preserving Semantics

PLAA works incrementally at the packet level. Instead of starting with a target flow feature and working backward, it generates packets one by one. At each stage a semantic monitor checks whether the generated traffic still carries the original attack's intent — say, a SQL injection or a DoS payload. If the semantics degrade, the generation path is adjusted. This is the key difference: the attack respects the traffic's structure, so the resulting adversarial packets are both valid and meaningful.

The algorithm was evaluated against current NIDS models on three datasets: CIC-UNSW-NB15, CIC-DDoS2019, and CIC-IDS-2017. Across all three, PLAA averaged a 92.78% evasion success rate. The figure is not cherry-picked from a single dataset; the performance holds across different attack types and traffic profiles.

What This Means for Network Defenders

NIDS operators have long assumed that adversarial attacks from the CV world were a theoretical concern — too brittle to work in practice. PLAA shows that is false. A packet-level generation strategy that respects protocol constraints makes evasion practical. I expect to see red teams incorporating this approach, and defenders will need to move beyond flow-level feature analysis. Packet-level inspection and adversarial training on realistic traffic are no longer optional.

PLAA exposes a critical blind spot in NIDS architectures that rely on flow-level features — defenders will need to rethink how they analyze traffic at the packet level to close this gap.


Source: PLAA: Packet-level Adversarial Attacks in Network Traffic Detection
Domain: arxiv.org