In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks in machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of (maliciously) perturbed benign packets being misclassified as attack has been largely ignored. In this paper, we demonstrate that this is not only theoretically possible, but also a particular threat to NIDS. In particular, we uncover a practical cyberattack, FPR manipulation attack (FPA), especially targeting industrial IoT networks, where domain-specific knowledge of the widely used MQTT protocol is exploited and a systematic simple packet-level perturbation is performed to alter the labels of benign traffic samples without employing traditional gradient-based or non-gradient-based methods. The experimental evaluations demonstrate that this novel attack results in a success rate of 80.19% to 100%. In addition, while estimating impacts in the Security Operations Center, we observe that even a small fraction of false positive alerts, irrespective of different budget constraints and alert traffic intensities, can increase the delay of genuine alerts investigations up to 2 hr in a single day under normal operating conditions. Furthermore, a series of relevant statistical and XAI analyses is conducted to understand the key factors behind this remarkable success. Finally, we explore the effectiveness of the FPA packets to enhance models' robustness through adversarial training and investigate the changes in decision boundaries accordingly.

翻译：在网络安全领域，由于实际存在的问题——包括数据不平衡和异构的正常网络流量——基于机器学习的网络入侵检测系统中的对抗性攻击一直被视为被误分类为良性流量的攻击数据包。由于这种普遍认知，（恶意）扰动的良性数据包被误分类为攻击的可能性在很大程度上被忽略了。在本文中，我们证明了这不仅在理论上是可能的，而且对网络入侵检测系统构成了特殊威胁。具体而言，我们揭示了一种实际网络攻击——FPR操纵攻击（FPA），它特别针对工业物联网网络，利用了广泛使用的MQTT协议的领域特定知识，并执行系统性的简单数据包级扰动，以改变正常流量样本的标签，而未采用传统的基于梯度或非梯度方法。实验评估表明，这种新型攻击的成功率可达80.19%至100%。此外，在评估对安全运营中心的影响时，我们观察到，即使在不同的预算约束和告警流量强度下，少量误报也能使正常操作条件下单日内真实告警调查的延迟增加至多2小时。进一步地，我们进行了一系列相关的统计和XAI分析，以理解这一显著成功背后的关键因素。最后，我们探索了利用FPA数据包通过对抗训练增强模型鲁棒性的有效性，并相应研究了决策边界的变化。