{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:04:12Z","timestamp":1777806252442,"version":"3.51.4"},"reference-count":62,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2024,6,17]]},"abstract":"While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection system. However, new studies have shown that neural network is likely a game-changer in the arms race: neural network could be applied to achieve accurate, signature-free, and low-false-alarm-rate detection. In this work, we investigate whether the adversary could fight back during the next phase of the arms race. In particular, noticing that none of the existing adversarial example generation methods could generate malicious packets (and sessions) that can simultaneously compromise the target machine and evade the neural network detection model, we propose a novel attack method to achieve this goal. We have designed and implemented the new attack. We have also used Address Resolution Protocol (ARP) Poisoning and Domain Name System (DNS) Cache Poisoning as the case study to demonstrate the effectiveness of the proposed attack.<\/jats:p>","DOI":"10.3233\/jcs-230031","type":"journal-article","created":{"date-parts":[[2023,11,17]],"date-time":"2023-11-17T11:39:13Z","timestamp":1700221153000},"page":"193-220","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":2,"title":["Analysis of neural network detectors for network attacks"],"prefix":"10.1177","volume":"32","author":[{"given":"Qingtian","family":"Zou","sequence":"first","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lan","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[{"name":"Security Test, Validation and Measurement Group, National Institute of Standards and Technology, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaoyan","family":"Sun","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Worcester Polytechnic Institute, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2023,11,15]]},"reference":[{"key":"ref001","doi-asserted-by":"crossref","unstructured":"M.\u00a0Alzantot, Y.\u00a0Sharma, S.\u00a0Chakraborty, H.\u00a0Zhang, C.J.\u00a0Hsieh and M.\u00a0Srivastava, GenAttack: Practical Black-box Attacks with Gradient-Free Optimization, 2019, arXiv:1805.11090 [cs].","DOI":"10.1145\/3321707.3321749"},{"key":"ref002","doi-asserted-by":"publisher","DOI":"10.1145\/3469659"},{"key":"ref003","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2019.8935039"},{"key":"ref004","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3188930"},{"key":"ref005","unstructured":"Artificial Intelligence (AI) for Cybersecurity | IBM, 2023, [Online; accessed 27. Jun. 2023]. https:\/\/www.ibm.com\/security\/artificial-intelligence?utm_content=SRCWW&p1=Search&p4=43700074604519875&p5=p&gclsrc=aw.ds."},{"key":"ref006","unstructured":"W.\u00a0Brendel, J.\u00a0Rauber and M.\u00a0Bethge, Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models, 2018, arXiv:1712.04248."},{"key":"ref007","unstructured":"W.\u00a0Brendel, J.\u00a0Rauber, M.\u00a0K\u00fcmmerer, I.\u00a0Ustyuzhaninov and M.\u00a0Bethge, Accurate, reliable and fast robustness evaluation, 2019, arXiv:1907.01003."},{"key":"ref008","unstructured":"N.\u00a0Carlini and D.\u00a0Wagner, Defensive distillation is not robust to adversarial examples, 2016, arXiv preprint arXiv:1607.04311."},{"key":"ref009","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref010","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00045"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"P.Y.\u00a0Chen, Y.\u00a0Sharma, H.\u00a0Zhang, J.\u00a0Yi and C.J.\u00a0Hsieh, EAD: Elastic-net attacks to deep neural networks via adversarial examples, in: Proceedings of the AAAI Conference on Artificial Intelligence 32(11), 2018, https:\/\/ojs.aaai.org\/index.php\/AAAI\/article\/view\/11302.","DOI":"10.1609\/aaai.v32i1.11302"},{"key":"ref012","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140448"},{"key":"ref013","unstructured":"G.K.\u00a0Dziugaite, Z.\u00a0Ghahramani and D.M.\u00a0Roy, A study of the effect of jpg compression on adversarial images, 2016, arXiv preprint arXiv:1608.00853."},{"key":"ref014","unstructured":"Fortinet Introduces Self-Learning Artificial Intelligence Appliance for Sub-Second Threat Detection, 2021, [Online; accessed 15. Jun. 2021]. https:\/\/www.fortinet.com\/corporate\/about-us\/newsroom\/press-releases\/2020\/introduces-self-learning-artificial-intelligence-appliance-for-sub-2nd-threat-detection."},{"key":"ref015","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1702.06763"},{"key":"ref016","unstructured":"I.J.\u00a0Goodfellow, J.\u00a0Shlens and C.\u00a0Szegedy, Explaining and harnessing adversarial examples, 2014, arXiv preprint arXiv:1412.6572."},{"key":"ref017","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2021.3087242"},{"key":"ref018","doi-asserted-by":"publisher","DOI":"10.1145\/3359992.3366642"},{"key":"ref019","unstructured":"Home \u2013 Suricata, 2021, [Online; accessed 15. Jun. 2021]. https:\/\/suricata.io."},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"M.D.\u00a0Hossain, H.\u00a0Ochiai, D.\u00a0Fall and Y.\u00a0Kadobayashi, LSTM-based network attack detection: Performance comparison by hyper-parameter values tuning, in: 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)\/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), IEEE, 2020, pp.\u00a062\u201369.","DOI":"10.1109\/CSCloud-EdgeCom49738.2020.00020"},{"key":"ref021","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2017.0-136"},{"key":"ref022","unstructured":"infosecdr, spade, 2021, [Online; accessed 15. Jun. 2021]. https:\/\/github.com\/infosecdr\/spade."},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"B.\u00a0Ingre, A.\u00a0Yadav and A.K.\u00a0Soni, Decision tree based intrusion detection system for NSL-KDD dataset, in: Information and Communication Technology for Intelligent Systems (ICTIS 2017)\u00a0\u2013Volume 2 2, Springer, 2018, pp.\u00a0207\u2013218.","DOI":"10.1007\/978-3-319-63645-0_23"},{"key":"ref024","unstructured":"V.\u00a0Jakkal, Empowering defenders at the speed of AI \u2013 The Official Microsoft Blog,\n Official Microsoft Blog\n (2023). https:\/\/blogs.microsoft.com\/blog\/2023\/03\/28\/introducing-microsoft-security-copilot-empowering-defenders-at-the-speed-of-ai."},{"key":"ref025","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134635"},{"key":"ref026","doi-asserted-by":"publisher","DOI":"10.1109\/ICoAC.2014.7229711"},{"key":"ref027","doi-asserted-by":"publisher","DOI":"10.1109\/CSNT.2015.185"},{"key":"ref028","doi-asserted-by":"crossref","unstructured":"A.\u00a0Kurakin, I.\u00a0Goodfellow and S.\u00a0Bengio, Adversarial Examples in the Physical World, 2017, arXiv:1607.02533.","DOI":"10.1201\/9781351251389-8"},{"key":"ref029","unstructured":"A.\u00a0Madry, A.\u00a0Makelov, L.\u00a0Schmidt, D.\u00a0Tsipras and A.\u00a0Vladu, Towards deep learning models resistant to adversarial attacks, 2017, arXiv preprint arXiv:1706.06083."},{"key":"ref030","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-017-0971-8"},{"key":"ref031","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1802.09089"},{"key":"ref032","unstructured":"T.\u00a0Miyato, S.I.\u00a0Maeda, M.\u00a0Koyama, K.\u00a0Nakae and S.\u00a0Ishii, Distributional Smoothing with Virtual Adversarial Training, 2016, arXiv:1507.00677."},{"key":"ref033","doi-asserted-by":"crossref","unstructured":"S.M.\u00a0Moosavi-Dezfooli, A.\u00a0Fawzi and P.\u00a0Frossard, Deepfool: A simple and accurate method to fool deep neural networks, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2016, pp.\u00a02574\u20132582.","DOI":"10.1109\/CVPR.2016.282"},{"key":"ref034","unstructured":"M.I.\u00a0Nicolae, M.\u00a0Sinn, M.N.\u00a0Tran, B.\u00a0Buesser, A.\u00a0Rawat, M.\u00a0Wistuba, V.\u00a0Zantedeschi, N.\u00a0Baracaldo, B.\u00a0Chen, H.\u00a0Ludwig, I.\u00a0Molloy and B.\u00a0Edwards, Adversarial Robustness Toolbox v1.2.0, CoRR 1807 (2018), 01069, https:\/\/arxiv.org\/pdf\/1807.01069."},{"key":"ref035","unstructured":"N.\u00a0Papernot, P.\u00a0McDaniel and I.\u00a0Goodfellow, Transferability in machine learning: from phenomena to black-box attacks using adversarial samples, 2016, arXiv preprint arXiv:1605.07277."},{"key":"ref036","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"ref037","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"ref038","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"ref039","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00073"},{"key":"ref040","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3075503"},{"key":"ref041","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3048038"},{"key":"ref042","doi-asserted-by":"publisher","DOI":"10.17485\/ijst\/2017\/v10i29\/109053"},{"key":"ref043","unstructured":"J.\u00a0Rauber, W.\u00a0Brendel and M.\u00a0Bethge, Foolbox: A Python toolbox to benchmark the robustness of machine learning models, in: Reliable Machine Learning in the Wild Workshop, 34th International Conference on Machine Learning, 2017, http:\/\/arxiv.org\/abs\/1707.04131."},{"key":"ref044","doi-asserted-by":"publisher","DOI":"10.21105\/joss.02607"},{"issue":"12","key":"ref045","first-page":"1848","volume":"2","author":"Revathi S.","year":"2013","journal-title":"International Journal of Engineering Research & Technology (IJERT)"},{"key":"ref046","doi-asserted-by":"crossref","unstructured":"J.\u00a0Rony, L.G.\u00a0Hafemann, L.S.\u00a0Oliveira, I.B.\u00a0Ayed, R.\u00a0Sabourin and E.\u00a0Granger, Decoupling direction and norm for efficient gradient-based L2 adversarial attacks and defenses, 2019, arXiv:1811.09600 [cs].","DOI":"10.1109\/CVPR.2019.00445"},{"key":"ref047","unstructured":"A.M.\u00a0Sharifi, S.K.\u00a0Amirgholipour and A.\u00a0Pourebrahimi, Intrusion detection based on joint of k-means and knn, Journal of Convergence Information Technology 10(5) (2015), 42."},{"key":"ref048","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484570"},{"key":"ref049","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-210094"},{"key":"ref050","unstructured":"Snort\u00a0\u2013 Network Intrusion Detection & Prevention System, 2021, [Online; accessed 15. Jun. 2021]. https:\/\/www.snort.org."},{"key":"ref051","unstructured":"Splunk and Tensorflow for Security: Catching the Fraudster with Behavior Biometrics, 2017, [Online; accessed 15. Jun. 2021]. https:\/\/www.splunk.com\/en_us\/blog\/security\/deep-learning-with-splunk-and-tensorflow-for-security-catching-the-fraudster-in-neural-networks-with-behavioral-biometrics.html."},{"key":"ref052","doi-asserted-by":"crossref","unstructured":"M.\u00a0Tavallaee, E.\u00a0Bagheri, W.\u00a0Lu and A.A.\u00a0Ghorbani, A detailed analysis of the KDD CUP 99 data set, in: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ieee, 2009, pp.\u00a01\u20136.","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref053","unstructured":"The Zeek Network Security Monitor, 2023, [Online; accessed 21. Feb. 2023]. https:\/\/zeek.org."},{"key":"ref054","unstructured":"K.\u00a0Townsend, SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint,\n SecurityWeek\n (2023), https:\/\/www.securityweek.com\/saas-ransomware-attack-hit-sharepoint-online-without-using-a-compromised-endpoint."},{"key":"ref055","unstructured":"Training Transformers for Cyber Security Tasks: A Case Study on, 2021, [Online; accessed 15. Jun. 2021]. https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/01\/training-transformers-for-cyber-security-tasks-malicious-url-prediction.html."},{"key":"ref056","doi-asserted-by":"crossref","unstructured":"F.\u00a0Tram\u00e8r and D.\u00a0Boneh, Adversarial Training and Robustness for Multiple Perturbations, 2019, arXiv:1904.13000.","DOI":"10.1145\/3319535.3354222"},{"key":"ref057","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2019.03.003"},{"key":"ref058","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2019.8761337"},{"key":"ref059","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2018.2886017"},{"key":"ref060","doi-asserted-by":"crossref","unstructured":"X.\u00a0Yuan, C.\u00a0Li and X.\u00a0Li, DeepDefense: Identifying DDoS Attack via Deep Learning, in: 2017 IEEE International Conference on Smart Computing, SMARTCOMP 2017, 2017, https:\/\/ieeexplore.ieee.org\/abstract\/document\/7946998\/.","DOI":"10.1109\/SMARTCOMP.2017.7946998"},{"key":"ref061","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Zhang, X.\u00a0Chen, D.\u00a0Guo, M.\u00a0Song, Y.\u00a0Teng and X.\u00a0Wang, PCCN: Parallel cross convolutional neural network for abnormal network traffic flows detection in multi-class imbalanced network traffic flows,\n IEEE Access\n (2019), 1\u20131, https:\/\/ieeexplore.ieee.org\/abstract\/document\/8787567\/.","DOI":"10.1109\/ACCESS.2019.2933165"},{"key":"ref062","doi-asserted-by":"crossref","unstructured":"Q.\u00a0Zou, A.\u00a0Singhal, X.\u00a0Sun and P.\u00a0Liu, Deep learning for detecting logic-flaw-exploiting network attacks: An end-to-end approach,\n Journal of Computer Security\n (2021), 1\u201330.","DOI":"10.3233\/JCS-210101"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-230031","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-230031","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-230031","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:49Z","timestamp":1777495549000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-230031"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":62,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,6,17]]}},"alternative-id":["10.3233\/JCS-230031"],"URL":"https:\/\/doi.org\/10.3233\/jcs-230031","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11,15]]}}}