In recent years, machine learning (ML) has become the mainstream network intrusion detection system(NIDS). However, the inherent vulnerabilities of machine learning make it difficult to resist adversarial attacks, which can mislead the models by adding subtle perturbations to the input sample. Adversarial machine learning (AML) has been extensively studied in image recognition. In the field of intrusion detection, which is inherently highly antagonistic, it may directly make ML-based detectors unavailable and cause significant property damage. To deal with such threats, the latest work of applying AML technology was systematically investigated in NIDS from two perspectives: attack and defense. First, the unique constraints and challenges were revealed when applying AML technology in the NIDS field; secondly, a multi-dimensional taxonomy was proposed according to the adversarial attack stage, and current work was compared and summarized on this basis; finally, the future research directions was discussed.

• 单位
  中国科学院大学