In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks on machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of (maliciously) perturbed benign packets being misclassified as attack has been largely ignored. In this paper, we demonstrate that this is not only theoretically possible, but also a particular threat to NIDS. In particular, we uncover a practical cyberattack, the FPR manipulation attack (FPA), especially targeting industrial IoT networks, where domain-specific knowledge of the widely used MQTT protocol is exploited and a simple, systematic packet-level perturbation is performed to alter the labels of benign traffic samples without employing traditional gradient-based or non-gradient-based methods. The experimental evaluations demonstrate that this novel attack results in a success rate of 80.19% to 100%. In addition, while estimating impacts in the Security Operations Center, we observe that even a small fraction of false positive alerts, irrespective of different budget constraints and alert traffic intensities, can increase the delay of genuine alert investigations up to 2 hr in a single day under normal operating conditions. Furthermore, a series of relevant statistical and XAI analyses is conducted to understand the key factors behind this remarkable success. Finally, we explore the effectiveness of the FPA packets to enhance models' robustness through adversarial training and investigate the changes in decision boundaries accordingly.