Machine learning has brought significant advances in cybersecurity, particularly in the development of Intrusion Detection Systems (IDS). These improvements are mainly attributed to the ability of machine learning algorithms to identify complex relationships between features and effectively generalize to unseen data. Deep neural networks, in particular, contributed to this progress by enabling the analysis of large amounts of training data, significantly enhancing detection performance. However, machine learning models remain vulnerable to adversarial attacks, where carefully crafted input data can mislead the model into making incorrect predictions. While adversarial threats in unstructured data, such as images and text, have been extensively studied, their impact on structured data like network traffic is less explored. This survey aims to address this gap by providing a comprehensive review of machine learning-based Network Intrusion Detection Systems (NIDS) and thoroughly analyzing their susceptibility to adversarial attacks. We critically examine existing research in NIDS, highlighting key trends, strengths, and limitations, while identifying areas that require further exploration. Additionally, we discuss emerging challenges in the field and offer insights for the development of more robust and resilient NIDS. In summary, this paper enhances the understanding of adversarial attacks and defenses in NIDS and guide future research in improving the robustness of machine learning models in cybersecurity applications.
翻译:机器学习为网络安全领域带来了显著进步,尤其在入侵检测系统(IDS)的开发中。这些改进主要归功于机器学习算法识别特征间复杂关系并有效泛化至未见数据的能力。深度神经网络通过实现对大量训练数据的分析,显著提升了检测性能,特别推动了这一进展。然而,机器学习模型仍易受对抗性攻击的影响——精心构造的输入数据可能误导模型做出错误预测。尽管图像、文本等非结构化数据中的对抗性威胁已得到广泛研究,但其对网络流量等结构化数据的影响尚未被充分探索。本综述旨在填补这一空白,对基于机器学习的网络入侵检测系统(NIDS)进行全面回顾,并深入分析其对抗攻击的脆弱性。我们批判性地审视了NIDS领域的现有研究,重点梳理了关键趋势、优势与局限,同时指明了需进一步探索的方向。此外,我们讨论了该领域新兴的挑战,并为开发更具鲁棒性和抗逆性的NIDS提供了见解。总而言之,本文深化了对NIDS中对抗攻击与防御机制的理解,并为提升机器学习模型在网络安全应用中的鲁棒性指明了未来研究方向。