
PLAA packet-level attacks evade NIDS with 92.78% success

A new adversarial attack generates network traffic at the packet level, preserves the attack semantics, and achieves an average evasion rate of 92.78% across three benchmark datasets.

Tags: PLAA, network intrusion detection, adversarial attacks, deep neural networks, CIC-IDS-2017, NIDS evasion

92.78% of adversarial network traffic generated by PLAA evades detection by current NIDS models — and it does so without turning the malicious payload into garbage. That number comes from a new packet-level attack algorithm designed specifically for network traffic, not borrowed from computer vision.

Why CV-Style Attacks Fail on Network Traffic

Most adversarial attacks on NIDS treat network flows like images: perturb a flow-level feature vector and call it done. The result is traffic that either doesn't route properly (invalid packets) or loses the original attack semantics — the malicious intent gets scrambled. PLAA's authors argue this is a fundamental mismatch. Network traffic has structural constraints: packet headers must be valid, payloads must be executable, and the sequence matters. Perturbing a flow-level feature ignores all of that.
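To make the mismatch concrete, the following added example (not code from the paper or its authors) computes a small, constructed subset of flow-level features from a constructed TCP flow, applies a naive feature-space perturbation of the kind a CV-style attack would use, and then checks whether any sequence of valid IPv4/TCP packets could actually produce the perturbed vector. The header-size and MTU constants are standard; the feature set and the flow are assumptions for illustration.

```python
from dataclasses import dataclass

MIN_TCP_IP_HEADER = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
MTU = 1500               # largest frame payload on a standard Ethernet link


@dataclass
class Packet:
    length: int   # bytes on the wire (IP header + TCP header + payload)
    ts: float     # relative timestamp in seconds


def flow_features(packets):
    """Flow-level summary in the style of NIDS feature extractors (constructed subset)."""
    lens = [p.length for p in packets]
    gaps = [b.ts - a.ts for a, b in zip(packets, packets[1:])]
    return {
        "pkt_count": len(lens),
        "total_bytes": sum(lens),
        "min_len": min(lens),
        "max_len": max(lens),
        "mean_len": sum(lens) / len(lens),
        "mean_iat": sum(gaps) / len(gaps) if gaps else 0.0,
    }


def perturb_features(feat, eps):
    """CV-style step: shrink every continuous feature by eps, ignoring protocol structure."""
    return {k: (v if k == "pkt_count" else v * (1 - eps)) for k, v in feat.items()}


def realizable(feat):
    """Could any sequence of valid TCP/IP packets produce this feature vector?"""
    n = feat["pkt_count"]
    if n != int(n) or n < 1:
        return False
    # Every packet carries at least the headers and fits in the MTU.
    if not MIN_TCP_IP_HEADER <= feat["min_len"] <= feat["mean_len"] <= feat["max_len"] <= MTU:
        return False
    # Total bytes must equal mean length times packet count.
    if abs(feat["total_bytes"] - feat["mean_len"] * n) > 1e-6:
        return False
    return feat["mean_iat"] >= 0  # time cannot run backwards


# Constructed sample flow: a short request/response exchange (lengths in bytes).
SAMPLE_FLOW = [Packet(40, 0.000), Packet(40, 0.010), Packet(120, 0.012), Packet(40, 0.050)]


def demo():
    clean = flow_features(SAMPLE_FLOW)
    perturbed = perturb_features(clean, 0.05)
    return realizable(clean), realizable(perturbed)   # returns (True, False)
```

The perturbed vector fails because its minimum packet length drops below the 40 bytes needed for the headers alone, which is exactly the kind of invalid traffic a flow-feature perturbation produces.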

PLAA Builds Traffic Packet by Packet While Preserving Semantics

PLAA works incrementally at the packet level. Instead of starting with a target flow feature and working backward, it generates packets one by one. At each stage a semantic monitor checks whether the generated traffic still carries the original attack's intent — say, a SQL injection or a DoS payload. If the semantics degrade, the generation path is adjusted. This is the key difference: the attack respects the traffic's structure, so the resulting adversarial packets are both valid and meaningful.

The algorithm was evaluated against current NIDS models on three datasets: CIC-UNSW-NB15, CIC-DDoS2019, and CIC-IDS-2017. Across all three, PLAA averaged a 92.78% evasion success rate. That is not cherry-picked on one dataset; the performance holds across different attack types and traffic profiles.

What This Means for Network Defenders

NIDS operators have long assumed that adversarial attacks from the CV world were a theoretical concern — too brittle to work in practice. PLAA shows that is false. A packet-level generation strategy that respects protocol constraints makes evasion practical. I expect to see red teams incorporating this approach, and defenders will need to move beyond flow-level feature analysis. Packet-level inspection and adversarial training on realistic traffic are no longer optional.

PLAA exposes a critical blind spot in NIDS architectures that rely on flow-level features — defenders will need to rethink how they analyze traffic at the packet level to close this gap.


Source: PLAA: Packet-level Adversarial Attacks in Network Traffic Detection
Domain: arxiv.org
