{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T22:25:32Z","timestamp":1778624732711,"version":"3.51.4"},"reference-count":50,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1016\/j.comnet.2026.112376","type":"journal-article","created":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T10:58:45Z","timestamp":1778583525000},"page":"112376","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Adversarial traffic generation with legality preservation: A hybrid policy-based framework"],"prefix":"10.1016","volume":"285","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7291-3920","authenticated-orcid":false,"given":"Yizhao","family":"Huang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaohui","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7550-3970","authenticated-orcid":false,"given":"Jiaxuan","family":"Geng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaolan","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuxue","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"issue":"5","key":"10.1016\/j.comnet.2026.112376_b1","doi-asserted-by":"crossref","first-page":"2415","DOI":"10.3390\/s23052415","article-title":"Survey on intrusion detection systems based on machine learning techniques for the protection of critical infrastructure","volume":"23","author":"Pinto","year":"2023","journal-title":"Sensors"},{"issue":"2","key":"10.1016\/j.comnet.2026.112376_b2","doi-asserted-by":"crossref","first-page":"62","DOI":"10.3390\/fi15020062","article-title":"Adversarial machine learning attacks against intrusion detection systems: A survey on strategies and defense","volume":"15","author":"Alotaibi","year":"2023","journal-title":"Futur. Internet"},{"issue":"4","key":"10.1016\/j.comnet.2026.112376_b3","doi-asserted-by":"crossref","first-page":"3584","DOI":"10.1109\/COMST.2019.2932905","article-title":"A survey on recent advances in transport layer protocols","volume":"21","author":"Polese","year":"2019","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.comnet.2026.112376_b4","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1016\/j.ins.2013.03.022","article-title":"Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues","volume":"239","author":"Corona","year":"2013","journal-title":"Inform. Sci."},{"key":"10.1016\/j.comnet.2026.112376_b5","series-title":"Adversarial deep learning against intrusion detection classifiers","author":"Rigaki","year":"2017"},{"key":"10.1016\/j.comnet.2026.112376_b6","doi-asserted-by":"crossref","first-page":"38367","DOI":"10.1109\/ACCESS.2018.2854599","article-title":"Deep learning-based intrusion detection with adversaries","volume":"6","author":"Wang","year":"2018","journal-title":"IEEE Access"},{"key":"10.1016\/j.comnet.2026.112376_b7","doi-asserted-by":"crossref","unstructured":"Chaoyun Zhang, Xavier Costa-P\u00e9rez, Paul Patras, Tiki-taka: Attacking and defending deep learning-based intrusion detection systems, in: Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop, 2020, pp. 27\u201339.","DOI":"10.1145\/3411495.3421359"},{"issue":"4","key":"10.1016\/j.comnet.2026.112376_b8","doi-asserted-by":"crossref","first-page":"1975","DOI":"10.1109\/TNSM.2020.3031843","article-title":"Deep reinforcement adversarial learning against botnet evasion attacks","volume":"17","author":"Apruzzese","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2026.112376_b9","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2021.115782","article-title":"Adversarial machine learning in network intrusion detection systems","volume":"186","author":"Alhajjar","year":"2021","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.comnet.2026.112376_b10","series-title":"2021 IEEE International Conference on Big Data","first-page":"3343","article-title":"Evaluating model robustness to adversarial samples in network intrusion detection","author":"Schneider","year":"2021"},{"issue":"4","key":"10.1016\/j.comnet.2026.112376_b11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3544746","article-title":"Fence: Feasible evasion attacks on neural networks in constrained environments","volume":"25","author":"Chernikova","year":"2022","journal-title":"ACM Trans. Priv. Secur."},{"key":"10.1016\/j.comnet.2026.112376_b12","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1016\/j.neucom.2021.12.015","article-title":"Generating adversarial examples via enhancing latent spatial features of benign traffic and preserving malicious functions","volume":"490","author":"Zhang","year":"2022","journal-title":"Neurocomputing"},{"issue":"5","key":"10.1016\/j.comnet.2026.112376_b13","doi-asserted-by":"crossref","first-page":"727","DOI":"10.3233\/JCS-210094","article-title":"Adversarial examples for network intrusion detection systems","volume":"30","author":"Sheatsley","year":"2022","journal-title":"J. Comput. Secur."},{"key":"10.1016\/j.comnet.2026.112376_b14","series-title":"Improving network intrusion detection classifiers by non-payload-based exploit-independent obfuscations: An adversarial approach","author":"Homoliak","year":"2018"},{"key":"10.1016\/j.comnet.2026.112376_b15","doi-asserted-by":"crossref","unstructured":"Mohammad J. Hashemi, Greg Cusack, Eric Keller, Towards evaluation of nidss in adversarial setting, in: Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Networks, 2019, pp. 14\u201321.","DOI":"10.1145\/3359992.3366642"},{"key":"10.1016\/j.comnet.2026.112376_b16","doi-asserted-by":"crossref","first-page":"3225","DOI":"10.1109\/TIFS.2022.3201377","article-title":"Tantra: Timing-based adversarial network traffic reshaping attack","volume":"17","author":"Sharon","year":"2022","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.comnet.2026.112376_b17","doi-asserted-by":"crossref","unstructured":"Aditya Kuppa, Slawomir Grzonkowski, Muhammad Rizwan Asghar, Nhien-An Le-Khac, Black box attacks on deep anomaly detectors, in: Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019, pp. 1\u201310.","DOI":"10.1145\/3339252.3339266"},{"issue":"8","key":"10.1016\/j.comnet.2026.112376_b18","doi-asserted-by":"crossref","first-page":"2632","DOI":"10.1109\/JSAC.2021.3087242","article-title":"Evaluating and improving adversarial robustness of machine learning-based network intrusion detectors","volume":"39","author":"Han","year":"2021","journal-title":"IEEE J. Sel. Areas Commun."},{"issue":"9","key":"10.1016\/j.comnet.2026.112376_b19","doi-asserted-by":"crossref","first-page":"2169","DOI":"10.1007\/s11590-023-02007-7","article-title":"Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems","volume":"18","author":"Chale","year":"2024","journal-title":"Optim. Lett."},{"issue":"2","key":"10.1016\/j.comnet.2026.112376_b20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3712307","article-title":"Deep packgen: A deep reinforcement learning framework for adversarial network packet generation","volume":"28","author":"Hore","year":"2025","journal-title":"ACM Trans. Priv. Secur."},{"key":"10.1016\/j.comnet.2026.112376_b21","series-title":"Advances in Knowledge Discovery and Data Mining","first-page":"79","article-title":"IDSGAN: Generative adversarial networks for attack generation against intrusion detection","volume":"vol. 13282","author":"Lin","year":"2022"},{"key":"10.1016\/j.comnet.2026.112376_b22","series-title":"2018 IEEE Security and Privacy Workshops","first-page":"70","article-title":"Bringing a GAN to a knife-fight: Adapting malware communication to avoid detection","author":"Rigaki","year":"2018"},{"issue":"1","key":"10.1016\/j.comnet.2026.112376_b23","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3639037","article-title":"NetDiffusion: Network data augmentation through protocol-constrained traffic generation","volume":"8","author":"Jiang","year":"2024","journal-title":"Proc. ACM Meas. Anal. Comput. Syst."},{"issue":"24","key":"10.1016\/j.comnet.2026.112376_b24","doi-asserted-by":"crossref","first-page":"5030","DOI":"10.3390\/electronics13245030","article-title":"A systematic study of adversarial attacks against network intrusion detection systems","volume":"13","author":"Sharma","year":"2024","journal-title":"Electronics"},{"key":"10.1016\/j.comnet.2026.112376_b25","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2025.3600984","article-title":"Adversarial challenges in network intrusion detection systems: Research insights and future prospects","author":"Ennaji","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.comnet.2026.112376_b26","series-title":"Proximal policy optimization algorithms","author":"Schulman","year":"2017"},{"key":"10.1016\/j.comnet.2026.112376_b27","series-title":"International Conference on Machine Learning","first-page":"1861","article-title":"Soft actor-critic: Off-policy maximum entropy deep reinforcement learning with a stochastic actor","author":"Haarnoja","year":"2018"},{"key":"10.1016\/j.comnet.2026.112376_b28","series-title":"International Conference on Machine Learning","first-page":"22","article-title":"Constrained policy optimization","author":"Achiam","year":"2017"},{"issue":"3","key":"10.1016\/j.comnet.2026.112376_b29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3469659","article-title":"Modeling realistic adversarial attacks against network intrusion detection systems","volume":"3","author":"Apruzzese","year":"2022","journal-title":"Digit. Threat.: Res. Pract. (DTRAP)"},{"key":"10.1016\/j.comnet.2026.112376_b30","doi-asserted-by":"crossref","unstructured":"Mohammed Alshiekh, Roderick Bloem, R\u00fcdiger Ehlers, Bettina K\u00f6nighofer, Scott Niekum, Ufuk Topcu, Safe reinforcement learning via shielding, in: Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 32, 2018.","DOI":"10.1609\/aaai.v32i1.11797"},{"key":"10.1016\/j.comnet.2026.112376_b31","series-title":"31st International Conference on Concurrency Theory","article-title":"Safe reinforcement learning using probabilistic shields","author":"Jansen","year":"2020"},{"issue":"1","key":"10.1016\/j.comnet.2026.112376_b32","first-page":"1437","article-title":"A comprehensive survey on safe reinforcement learning","volume":"16","author":"Garc\u0131a","year":"2015","journal-title":"J. Mach. Learn. Res."},{"key":"10.1016\/j.comnet.2026.112376_b33","series-title":"Intriguing properties of neural networks","author":"Szegedy","year":"2013"},{"key":"10.1016\/j.comnet.2026.112376_b34","series-title":"2016 IEEE European Symposium on Security and Privacy","first-page":"372","article-title":"The limitations of deep learning in adversarial settings","author":"Papernot","year":"2016"},{"key":"10.1016\/j.comnet.2026.112376_b35","series-title":"Network Analysis, Architecture, and Design","author":"McCabe","year":"2010"},{"key":"10.1016\/j.comnet.2026.112376_b36","doi-asserted-by":"crossref","unstructured":"Xinjie Lin, Gang Xiong, Gaopeng Gou, Zhen Li, Junzheng Shi, Jing Yu, Et-bert: A contextualized datagram representation with pre-training transformers for encrypted traffic classification, in: Proceedings of the ACM Web Conference 2022, 2022, pp. 633\u2013642.","DOI":"10.1145\/3485447.3512217"},{"key":"10.1016\/j.comnet.2026.112376_b37","series-title":"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks","first-page":"1","article-title":"Investigating adversarial attacks against network intrusion detection systems in sdns","author":"Aiken","year":"2019"},{"issue":"1","key":"10.1016\/j.comnet.2026.112376_b38","article-title":"A black-box attack method against machine-learning-based anomaly network flow detection models","volume":"2021","author":"Guo","year":"2021","journal-title":"Secur. Commun. Netw."},{"key":"10.1016\/j.comnet.2026.112376_b39","series-title":"2020 IEEE 32nd International Conference on Tools with Artificial Intelligence","first-page":"686","article-title":"Adversarial attack against LSTM-based ddos intrusion detection system","author":"Huang","year":"2020"},{"key":"10.1016\/j.comnet.2026.112376_b40","unstructured":"Milad Nasr, Alireza Bahramali, Amir Houmansadr, Defeating {DNN-Based} traffic analysis systems in {Real-Time} with blind adversarial perturbations, in: 30th USENIX Security Symposium, USENIX Security 21, 2021, pp. 2705\u20132722."},{"issue":"2","key":"10.1016\/j.comnet.2026.112376_b41","doi-asserted-by":"crossref","first-page":"1962","DOI":"10.1109\/TNSM.2021.3052888","article-title":"Adversarial network traffic: Towards evaluating the robustness of deep-learning-based network traffic classification","volume":"18","author":"Sadeghzadeh","year":"2021","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2026.112376_b42","doi-asserted-by":"crossref","unstructured":"Dule Shu, Nandi O Leslie, Charles A Kamhoua, Conrad S Tucker, Generative adversarial attacks against intrusion detection systems using active learning, in: Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning, 2020, pp. 1\u20136.","DOI":"10.1145\/3395352.3402618"},{"issue":"12","key":"10.1016\/j.comnet.2026.112376_b43","doi-asserted-by":"crossref","first-page":"3387","DOI":"10.1007\/s13042-019-00925-6","article-title":"Automatically synthesizing DoS attack traces using generative adversarial networks","volume":"10","author":"Yan","year":"2019","journal-title":"Int. J. Mach. Learn. Cybern."},{"issue":"5","key":"10.1016\/j.comnet.2026.112376_b44","article-title":"A survey of data mining and machine learning methods for cyber security intrusion detection","volume":"4","author":"Banoth","year":"2017","journal-title":"Int. J. Res."},{"issue":"4","key":"10.1016\/j.comnet.2026.112376_b45","doi-asserted-by":"crossref","DOI":"10.1007\/s11831-020-09478-2","article-title":"A review on the effectiveness of machine learning and deep learning algorithms for cyber security","volume":"28","author":"Geetha","year":"2021","journal-title":"Arch. Comput. Methods Eng."},{"key":"10.1016\/j.comnet.2026.112376_b46","series-title":"2016 International Conference on Platform Technology and Service","first-page":"1","article-title":"Long short term memory recurrent neural network classifier for intrusion detection","author":"Kim","year":"2016"},{"issue":"1","key":"10.1016\/j.comnet.2026.112376_b47","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/TETCI.2017.2772792","article-title":"A deep learning approach to network intrusion detection","volume":"2","author":"Shone","year":"2018","journal-title":"IEEE Trans. Emerg. Top. Comput. Intell."},{"key":"10.1016\/j.comnet.2026.112376_b48","series-title":"CIC-IDS2017 dataset","year":"2017"},{"key":"10.1016\/j.comnet.2026.112376_b49","series-title":"CSE-CIC-IDS2018 dataset","year":"2018"},{"issue":"3","key":"10.1016\/j.comnet.2026.112376_b50","doi-asserted-by":"crossref","first-page":"2902","DOI":"10.1109\/TNSM.2021.3064974","article-title":"Flow-aware forwarding in SDN datacenters using a knapsack-PSO-based solution","volume":"18","author":"Abdollahi","year":"2021","journal-title":"IEEE Trans. Netw. Serv. Manag."}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128626003889?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128626003889?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T21:28:24Z","timestamp":1778621304000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128626003889"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,7]]},"references-count":50,"alternative-id":["S1389128626003889"],"URL":"https:\/\/doi.org\/10.1016\/j.comnet.2026.112376","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[2026,7]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Adversarial traffic generation with legality preservation: A hybrid policy-based framework","name":"articletitle","label":"Article Title"},{"value":"Computer Networks","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.comnet.2026.112376","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"112376"}}