{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T15:07:09Z","timestamp":1779030429760,"version":"3.51.4"},"reference-count":59,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T00:00:00Z","timestamp":1778544000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100016300","name":"University of Pittsburgh Center for Research Computing","doi-asserted-by":"crossref","award":["RRID:SCR_022735"],"award-info":[{"award-number":["RRID:SCR_022735"]}],"id":[{"id":"10.13039\/100016300","id-type":"DOI","asserted-by":"crossref"}]},{"name":"National Science Foundation","award":["OAC-2117681, #2324873"],"award-info":[{"award-number":["OAC-2117681, #2324873"]}]},{"DOI":"10.13039\/100007295","name":"Mascaro Center for Sustainable Innovation","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100007295","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100000015","name":"Department of Energy","doi-asserted-by":"crossref","award":["#DECR0000041"],"award-info":[{"award-number":["#DECR0000041"]}],"id":[{"id":"10.13039\/100000015","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2026,7,31]]},"abstract":"<jats:p>\n                    The rapid expansion of connected devices has made them prime targets for cyberattacks. To address these threats, deep learning-based, data-driven intrusion detection systems (IDS) have emerged as powerful tools for detecting and mitigating such attacks. These IDSs analyze network traffic to identify unusual patterns and anomalies that may indicate potential security breaches. 
However, prior research has shown that deep learning models are vulnerable to backdoor attacks, where attackers inject triggers into the model to manipulate its behavior and cause misclassifications of network traffic. In this article, we explore the susceptibility of deep learning-based IDS systems to backdoor attacks in the context of network traffic analysis. We introduce <jats:monospace>PCAP-Backdoor<\/jats:monospace>, a novel technique that facilitates backdoor attacks on PCAP datasets. Our experiments on real-world Cyber-Physical Systems (CPS) and Internet of Things (IoT) network traffic datasets demonstrate that attackers can effectively backdoor a model by poisoning as little as 2% or less of the entire training dataset. Moreover, we show that an attacker can introduce a trigger into benign traffic during model training yet cause the backdoored model to misclassify malicious traffic when the trigger is present. 
Finally, we highlight the difficulty of detecting this trigger-based backdoor, even when using existing backdoor defense techniques.\n                  <\/jats:p>","DOI":"10.1145\/3805033","type":"journal-article","created":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T14:22:31Z","timestamp":1774621351000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["PCAP-Backdoor: Backdoor Generator in Network Traffic for Intrusion Detection Systems"],"prefix":"10.1145","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-0375-0749","authenticated-orcid":false,"given":"Ajesh Koyatan","family":"Chathoth","sequence":"first","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, Pennsylvania, USA and Eaton Corporation, Pittsburgh, Pennsylvania, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-4277-7797","authenticated-orcid":false,"given":"Karandeep","family":"Parashar","sequence":"additional","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, Pennsylvania, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8229-2821","authenticated-orcid":false,"given":"Anfeng","family":"Peng","sequence":"additional","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, Pennsylvania, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9022-4259","authenticated-orcid":false,"given":"Stephen","family":"Lee","sequence":"additional","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, Pennsylvania, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,5,12]]},"reference":[{"issue":"1","key":"e_1_3_2_2_2","first-page":"55","article-title":"Analysis of various packet sniffing tools for network monitoring and analysis","volume":"1","author":"Asrodia 
Pallavi","year":"2012","unstructured":"Pallavi Asrodia and Hemlata Patel. 2012. Analysis of various packet sniffing tools for network monitoring and analysis. International Journal of Electrical, Electronics and Computer Engineering 1, 1 (2012), 55\u201358.","journal-title":"International Journal of Electrical, Electronics and Computer Engineering"},{"key":"e_1_3_2_3_2","unstructured":"Ajesh Koyatan Chathoth Abhyuday Jagannatha and Stephen Lee. 2021. Federated intrusion detection for IoT with heterogeneous cohort privacy. arXiv:2101.09878. Retrieved from https:\/\/arxiv.org\/abs\/2101.09878"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/TPS-ISA62245.2024.00030"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData55660.2022.10021082"},{"key":"e_1_3_2_6_2","doi-asserted-by":"crossref","unstructured":"Ajesh Koyatan Chathoth Shuhao Yu and Stephen Lee. 2025. Dynamic user-controllable privacy-preserving few-shot sensing framework. arXiv:2508.03989. Retrieved from https:\/\/arxiv.org\/abs\/2508.03989","DOI":"10.1109\/BigData66926.2025.11402272"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData66926.2025.11402272"},{"key":"e_1_3_2_8_2","unstructured":"Bryant Chen Wilka Carvalho Nathalie Baracaldo Heiko Ludwig Benjamin Edwards Taesung Lee Ian Molloy and Biplav Srivastava. 2018. Detecting backdoor attacks on deep neural networks by activation clustering. arXiv:1811.03728. 
Retrieved from https:\/\/arxiv.org\/abs\/1811.03728"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.5555\/3600270.3600977"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2941376"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.5555\/3540261.3541709"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01175"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSESS47205.2019.9040718"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2019.00191"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05849-4_19"},{"key":"e_1_3_2_16_2","unstructured":"Leilei Gan Jiwei Li Tianwei Zhang Xiaoya Li Yuxian Meng Fei Wu Yi Yang Shangwei Guo and Chun Fan. 2021. Triggerless backdoor attack for NLP tasks with clean labels. arXiv:2111.07970. Retrieved from https:\/\/arxiv.org\/abs\/2111.07970"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00390"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179375"},{"key":"e_1_3_2_19_2","unstructured":"Ian J. Goodfellow Jonathon Shlens and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv:1412.6572. Retrieved from https:\/\/arxiv.org\/abs\/1412.6572"},{"key":"e_1_3_2_20_2","unstructured":"Dou Goodman Hao Xin Wang Yang Wu Yuesheng Xiong Junfeng and Zhang Huan. 2020. Advbox: a toolbox to generate adversarial examples that fool neural networks. arXiv:2001.05574. Retrieved from https:\/\/arxiv.org\/abs\/2001.05574"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW58026.2022.00080"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/7367107"},{"key":"e_1_3_2_24_2","unstructured":"Xijie Huang Moustafa Alzantot and Mani Srivastava. 2019. 
NeuronInspect: Detecting backdoors in neural networks via output explanations. arXiv:1911.07399. Retrieved from https:\/\/arxiv.org\/abs\/1911.07399"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.3390\/electronics12244953"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.4108\/eai.3-12-2015.2262516"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00786"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCVW54120.2021.00007"},{"key":"e_1_3_2_29_2","volume-title":"Network Analysis Using Wireshark 2 Cookbook: Practical Recipes to Analyze and Secure Your Network Using Wireshark 2","author":"Kumar Nagendra","year":"2018","unstructured":"Nagendra Kumar, Yogesh Ramdoss, and Yoram Orzach. 2018. Network Analysis Using Wireshark 2 Cookbook: Practical Recipes to Analyze and Secure Your Network Using Wireshark 2. Packt Publishing Ltd."},{"key":"e_1_3_2_30_2","first-page":"14900","volume-title":"Proceedings of the 35th Conference on Neural Information Processing Systems (NIPS \u201921)","author":"Li Yige","year":"2021","unstructured":"Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, and Xingjun Ma. 2021. Anti-backdoor learning: Training clean models on poisoned data. In Proceedings of the 35th Conference on Neural Information Processing Systems (NIPS \u201921), 14900\u201314912."},{"key":"e_1_3_2_31_2","volume-title":"Proceedings of the Workshop on Open-World Agents: Synnergizing Reasoning and Decision-Making in Open-World Environments (OWA \u201924)","author":"Li Yanjie","year":"2024","unstructured":"Yanjie Li, Zhen Xiang, Nathaniel D. Bastian, Dawn Song, and Bo Li. 2024. IDS-Agent: An LLM agent for explainable intrusion detection in IoT networks. 
In Proceedings of the Workshop on Open-World Agents: Synnergizing Reasoning and Decision-Making in Open-World Environments (OWA \u201924)."},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-021-3455-1"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23291"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/MPRV.2018.03367731"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCE63647.2025.10930150"},{"key":"e_1_3_2_37_2","doi-asserted-by":"crossref","unstructured":"Yisroel Mirsky Tomer Doitshman Yuval Elovici and Asaf Shabtai. 2018. Kitsune: An ensemble of autoencoders for online network intrusion detection. arXiv:1802.09089. Retrieved from https:\/\/arxiv.org\/abs\/1802.09089","DOI":"10.14722\/ndss.2018.23204"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.5555\/3495724.3496015"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.14722\/diss.2020.23003"},{"key":"e_1_3_2_40_2","unstructured":"Maria-Irina Nicolae Mathieu Sinn Minh Ngoc Tran Beat Buesser Ambrish Rawat Martin Wistuba Valentina Zantedeschi Nathalie Baracaldo Bryant Chen Heiko Ludwig et al. 2018. Adversarial robustness toolbox v1. 0.0. arXiv:1807.01069. Retrieved from https:\/\/arxiv.org\/abs\/1807.01069"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM42981.2021.9488902"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM48880.2022.9796878"},{"key":"e_1_3_2_43_2","first-page":"3611","volume-title":"Proceedings of the 31st USENIX Security Symposium (USENIX Security \u2019 22)","author":"Pan Xudong","year":"2022","unstructured":"Xudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, and Min Yang. 2022. Hidden trigger backdoor attack on NLP models via linguistic style manipulation. 
In Proceedings of the 31st USENIX Security Symposium (USENIX Security \u2019 22), 3611\u20133628."},{"key":"e_1_3_2_44_2","unstructured":"Nicolas Papernot Fartash Faghri Nicholas Carlini Ian Goodfellow Reuben Feinman Alexey Kurakin Cihang Xie Yash Sharma Tom Brown Aurko Roy et al. 2016. Technical report on the CleverHans v2. 1.0 adversarial examples library. arXiv:1610.00768. Retrieved from https:\/\/arxiv.org\/abs\/1610.00768"},{"key":"e_1_3_2_45_2","unstructured":"PcapPlusPlus. 2024. PcapPlusPlus. Retrieved April 2024 from https:\/\/pcapplusplus.github.io\/community"},{"key":"e_1_3_2_46_2","unstructured":"Anfeng Peng Ajesh Koyatan Chathoth and Stephen Lee. 2025. Log anomaly detection with large language models via knowledge-enriched fusion. arXiv:2512.11997. Retrieved from https:\/\/arxiv.org\/abs\/2512.11997"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.5555\/3454287.3455543"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v37i4.25656"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW.2019.00012"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.5555\/3327757.3327896"},{"key":"e_1_3_2_51_2","unstructured":"tshark. 2024. Wireshark. Retrieved April 2024 from https:\/\/www.wireshark.org\/docs\/man-pages\/tshark.html"},{"key":"e_1_3_2_52_2","first-page":"2579","article-title":"Visualizing data using t-SNE","volume":"9","author":"der Maaten Laurens Van","year":"2008","unstructured":"Laurens Van der Maaten and Geoffrey Hinton. 2008. Visualizing data using t-SNE. 
Journal of Machine Learning Research 9 (2008), 2579\u20132605.","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01465"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.5555\/3540261.3541554"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58558-7_39"},{"key":"e_1_3_2_57_2","unstructured":"Kun Yang Samory Kpotufe and Nick Feamster. 2020. Feature extraction for novelty detection in network traffic. arXiv:2006.16993. Retrieved from https:\/\/arxiv.org\/abs\/2006.16993"},{"key":"e_1_3_2_58_2","unstructured":"Yujie Zhang Neil Gong and Michael K. Reiter. 2024. Concealing backdoor model updates in federated learning by trigger-optimized data poisoning. arXiv:2405.06206. Retrieved from https:\/\/arxiv.org\/abs\/2405.06206"},{"key":"e_1_3_2_59_2","volume-title":"Proceedings of the 37th International Conference on Neural Information Processing Systems (NIPS \u201923)","author":"Zhu Mingli","year":"2024","unstructured":"Mingli Zhu, Shaokui Wei, Hongyuan Zha, and Baoyuan Wu. 2024. Neural polarizer: A lightweight and effective backdoor defense via purifying poisoned features. In Proceedings of the 37th International Conference on Neural Information Processing Systems (NIPS \u201923)."},{"key":"e_1_3_2_60_2","unstructured":"zscaler. 2023. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report. 
Retrieved November 2024 from https:\/\/info.zscaler.com\/resources-industry-reports-threatlabz-2023-enterprise-ioT-ot-threat-report"}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805033","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805033","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T14:36:52Z","timestamp":1779028612000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3805033"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5,12]]},"references-count":59,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,7,31]]}},"alternative-id":["10.1145\/3805033"],"URL":"https:\/\/doi.org\/10.1145\/3805033","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,5,12]]},"assertion":[{"value":"2025-02-07","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-03-13","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-05-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}