{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T16:30:35Z","timestamp":1778085035644,"version":"3.51.4"},"reference-count":55,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,8,28]],"date-time":"2024-08-28T00:00:00Z","timestamp":1724803200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,8,28]],"date-time":"2024-08-28T00:00:00Z","timestamp":1724803200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,8,28]]},"DOI":"10.1109\/pst62714.2024.10788064","type":"proceedings-article","created":{"date-parts":[[2024,12,16]],"date-time":"2024-12-16T19:15:09Z","timestamp":1734376509000},"page":"1-9","source":"Crossref","is-referenced-by-count":18,"title":["Poisoning and Evasion: Deep Learning-Based NIDS under Adversarial Attacks"],"prefix":"10.1109","author":[{"given":"Hesamodin","family":"Mohammadian","sequence":"first","affiliation":[{"name":"Canadian Institute for Cybersecurity (CIC), University of New Brunswick,Fredericton,NB,Canada"}]},{"given":"Arash","family":"Habibi Lashkari","sequence":"additional","affiliation":[{"name":"Behaviour-Centric Cybersecurity Center (BCCC) York University,Toronto,ON,Canada"}]},{"given":"Ali A.","family":"Ghorbani","sequence":"additional","affiliation":[{"name":"Canadian Institute for Cybersecurity (CIC), University of New Brunswick,Fredericton,NB,Canada"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.14429\/dsj.68.12371"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3523273"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"ref6","article-title":"Intriguing properties of neural networks","author":"Szegedy","year":"2013","journal-title":"arXiv preprint"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3551636"},{"key":"ref8","article-title":"Towards demysti-fying membership inference attacks","author":"Truex","year":"2018","journal-title":"arXiv preprint"},{"key":"ref9","first-page":"1964","article-title":"Label-only membership inference attacks","volume-title":"International conference on machine learning","author":"Choquette-Choo","year":"2021"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00033"},{"key":"ref11","article-title":"Explaining and harnessing adversarial examples","author":"Goodfellow","year":"2014","journal-title":"arXiv preprint"},{"issue":"7","key":"ref12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3538707","article-title":"Threats to training: A survey of poisoning attacks and defenses on machine learning systems","volume":"55","author":"Wang","year":"2022","journal-title":"ACM Computing Surveys"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ICEIEC.2019.8784514"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2019.100199"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/65.283931"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.5120\/14210-2458"},{"key":"ref18","article-title":"Shallow and deep networks intrusion detection system: A taxonomy and survey","author":"Hodo","year":"2017","journal-title":"arXiv preprint"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(98)00017-6"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/NAECON.2012.6531064"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/RAIT.2016.7507884"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICNC.2008.900"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1037\/h0042519"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.21236\/AD0256582"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/11301.001.0001"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/0893-6080(89)90020-8"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TAC.1973.1100330"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0006203"},{"key":"ref29","article-title":"Adam: A method for stochastic optimization","author":"Kingma","year":"2014","journal-title":"arXiv preprint"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00299"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2019.2916086"},{"key":"ref32","article-title":"Ml-leaks: Model and data independent membership inference at-tacks and defenses on machine learning models","author":"Salem","year":"2018","journal-title":"arXiv prep rint"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2019.2897554"},{"key":"ref34","first-page":"17","article-title":"Privacy in pharmacogenetics: An end-to-end case study of personalized warfarin dosing","volume-title":"23rd {USENIX} Security Symposium ({ USENIX} Security 14)","author":"Fredrikson"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241142"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-28954-6_7"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00038"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2015.071829"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243834"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"ref41","article-title":"Ensemble adversarial training: Attacks and defenses","author":"Tramer","year":"2017","journal-title":"arXiv preprint"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref43","first-page":"599","article-title":"Scalable optimization of randomized op-erational decisions in adversarial classification settings","author":"Li","year":"2015","journal-title":"Artificial Intelligence and Statistics"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23198"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-010-5188-5"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128824"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.5220\/0012038100003555"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2023.110173"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.5220\/0006639801080116"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2015.1125974"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/ICISSEC.2016.7885840"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.5220\/0006105602530262"}],"event":{"name":"2024 21st Annual International Conference on Privacy, Security and Trust (PST)","location":"Sydney, Australia","start":{"date-parts":[[2024,8,28]]},"end":{"date-parts":[[2024,8,30]]}},"container-title":["2024 21st Annual International Conference on Privacy, Security and Trust (PST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10788036\/10788037\/10788064.pdf?arnumber=10788064","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,17]],"date-time":"2024-12-17T06:00:52Z","timestamp":1734415252000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10788064\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,28]]},"references-count":55,"URL":"https:\/\/doi.org\/10.1109\/pst62714.2024.10788064","relation":{},"subject":[],"published":{"date-parts":[[2024,8,28]]}}}