Because machine learning (ML) algorithms offer numerous advantages, many applications now incorporate them. However, many studies in the field of image classification have shown that ML models can be fooled by a variety of adversarial attacks, which exploit an inherent vulnerability of ML algorithms. This raises many questions in the cybersecurity field, where a growing number of researchers have recently been investigating the feasibility of such attacks against ML-based security systems such as intrusion detection systems. Most of this research demonstrates that a model can be fooled by manipulating features extracted from a raw data source, but it does not consider the real implementation of such attacks, i.e., the reverse transformation from perturbed features back to actual traffic. A real implementation of these adversarial attacks would be subject to various constraints that make their execution more difficult. The purpose of this study was therefore to investigate the actual feasibility of adversarial attacks, specifically evasion attacks, against network-based intrusion detection systems (NIDS), showing that it is entirely possible to fool these ML-based IDSs with our proposed adversarial algorithm while assuming as many constraints as possible in a black-box setting. In addition, since it is critical to design defense mechanisms that protect ML-based IDSs against such attacks, a defensive scheme is presented. Realistic botnet traffic traces are used to evaluate this work. Our goal is to create adversarial botnet traffic that evades detection while still performing all of its intended malicious functionality.