Amplification methods to promote the attacks against machine learning-based intrusion detection systems

The security of machine learning attracts increasing attention in both academia and industry due to its vulnerability to adversarial examples. However, the research on adversarial examples in intrusion detection is currently in its infancy. In this paper, two novel adversarial attack amplification methods based on a unified framework are proposed to promote the attack performance of the classic white-box attack methods. The proposed methods shield the underlying implementation details of the target attack methods and can effectively boost different target attack methods through a unified interface. The proposed methods extract the original adversarial perturbations from the adversarial examples produced by the target attack methods and amplify the original adversarial perturbations to generate the amplified adversarial examples. The preliminary experimental results show that the proposed methods can effectively improve the attack performance of the classic white-box attack methods. Besides, the amplified adversarial examples crafted by the proposed methods show excellent transferability across different machine learning classifiers, which ensures that the application of the proposed methods is not limited to the white-box setting. Consequently, the proposed methods can be utilized to better assess the robustness of the machine learning-based intrusion detection systems against adversarial examples in various contexts.