A Hard-Label Black-Box Evasion Attack against ML-based Malicious Traffic Detection Systems
Zixuan Liu
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Network Security
This talk introduces **NetMasquerade**, a practical hard-label black-box evasion attack against machine learning-based malicious traffic detection systems. The research addresses a critical gap in adversarial ML for network security: existing attacks either require white-box access to the target model or are impractical in constrained real-world settings. NetMasquerade achieves over **90% average attack success rate (ASR)** across 72 attack scenarios targeting six advanced detection systems, while operating under strict black-box constraints where the attacker receives only binary pass/fail feedback.
AI review
A rigorous adversarial ML attack against network traffic detection that actually operates under realistic constraints -- hard-label black-box with binary feedback only. The two-stage architecture combining a custom Traffic-BERT with RL-based mutation achieves over 90% evasion across 72 scenarios against six detection systems, with 69.6x speed improvement over baselines. This is practical offensive research with real implications for deployed ML defenses.