Machine Learning (ML) has become ubiquitous, and its deployment in Network Intrusion Detection Systems (NIDS) is inevitable due to its automated nature and high accuracy in processing and classifying large volumes of data. However, ML has been found to have several flaws, chief among them vulnerability to adversarial attacks, which aim to trick ML models into producing faulty predictions. While most adversarial attack research focuses on computer vision datasets, recent studies have explored the practicality of such attacks against ML-based network security entities, especially NIDS. This paper presents two distinct contributions: a taxonomy of practicality issues associated with adversarial attacks against ML-based NIDS, and an investigation of the impact of continuous training on adversarial attacks against NIDS. Our experiments indicate that continuous re-training, even without adversarial training, can reduce the effect of adversarial attacks. While adversarial attacks can harm ML-based NIDSs, our aim is to highlight that there is a significant gap between research and real-world practicality in this domain, one that requires attention.