Network Intrusion Detection Systems: Machine Learning-Based Attack and Remedy Strategies – A Review

Abstract

Network Intrusion Detection Systems (NIDS) have played an important role in protecting computer networks against illegal or unauthorized access and many cyberattacks. Given the advancement of machine learning (ML) approaches, NIDS have become more effective in detecting various complex anomalies in computer networks. However, the increasing complexity in adversarial attacks (AAs) poses a significant challenge to such systems. Cyberattacks are estimated to cost approximately $10.5 trillion annually by 2025, and this encourages researchers to improve and develop ML-based NIDS in order to address adversarial vulnerabilities in these systems to remain the systems resilient to modern attacks. In this review, we reveal the weaknesses of ML-based IDS to AAs in which many different attack techniques, such as evasion, poisoning, and generative adversarial networks (GAN) have been included. Also, this study presents and evaluates current possible defensive approaches against AAs, including but not limited to anomaly detection approaches, adversarial training, and feature selection. We also provide a comparative analysis of different ML models used in NIDS in order to further evaluate the system’s susceptibility to sophisticated AAs. A discussion on future work to improve ML-based NIDS resilience against sophisticated attacks is also given.