Machine Learning (ML) plays a central role in Network Intrusion Detection Systems (NIDS), as it can be used to analyze complex traffic patterns and detect previously unseen attacks. With Industrial Control Systems (ICS) becoming increasingly connected and exposed to novel threats, ML-NIDS have been widely adopted to provide automated detection of cyberattacks targeting control processes and critical infrastructures. While ML-NIDS demonstrate good effectiveness and high performance, adversarial ML attacks based on input data manipulation have been shown to undermine their robustness. However, existing adversarial strategies against ML-NIDS in ICS primarily focus on modifying traffic attributes at the flow level, without considering the constraints imposed by the underlying network protocols. In this paper, we propose a packet-level adversarial attack to evade ML-NIDS for Modbus TCP. We modify raw packet captures using two manipulation methods, namely jitter and padding, which reshape the features of the resulting flows while preserving Modbus functionalities. We evaluate the impact of these perturbations on the CIC Modbus 2023 dataset, considering three different attacker scenarios and targeting three popular ML models (Decision Tree, Random Forest, Histogram Gradient Boosting). Results show that our attack strategies degrade ML-NIDS performance, with detection rates falling below 0.5 in 31 out of 45 cases.
Evading ML Network Intrusion Detection Systems for Modbus TCP with Problem-Space Perturbations / Galli, D., Zoccoli, G.G., Bianchini, D., Stabili, D., Marchetti, M.. - 4198:(2026). (2026 Joint National Conference on Cybersecurity, ITASEC and SERICS 2026 ita 2026).
Evading ML Network Intrusion Detection Systems for Modbus TCP with Problem-Space Perturbations
Galli D.;Stabili D.;
2026
Abstract
Machine Learning (ML) plays a central role in Network Intrusion Detection Systems (NIDS), as it can be used to analyze complex traffic patterns and detect previously unseen attacks. With Industrial Control Systems (ICS) becoming increasingly connected and exposed to novel threats, ML-NIDS have been widely adopted to provide automated detection of cyberattacks targeting control processes and critical infrastructures. While ML-NIDS demonstrate good effectiveness and high performance, adversarial ML attacks based on input data manipulation have been shown to undermine their robustness. However, existing adversarial strategies against ML-NIDS in ICS primarily focus on modifying traffic attributes at the flow level, without considering the constraints imposed by the underlying network protocols. In this paper, we propose a packet-level adversarial attack to evade ML-NIDS for Modbus TCP. We modify raw packet captures using two manipulation methods, namely jitter and padding, which reshape the features of the resulting flows while preserving Modbus functionalities. We evaluate the impact of these perturbations on the CIC Modbus 2023 dataset, considering three different attacker scenarios and targeting three popular ML models (Decision Tree, Random Forest, Histogram Gradient Boosting). Results show that our attack strategies degrade ML-NIDS performance, with detection rates falling below 0.5 in 31 out of 45 cases.| File | Dimensione | Formato | |
|---|---|---|---|
|
paper25.pdf
Open access
Tipologia:
VOR - Versione pubblicata dall'editore
Dimensione
1.51 MB
Formato
Adobe PDF
|
1.51 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate

I metadati presenti in IRIS UNIMORE sono rilasciati con licenza Creative Commons CC0 1.0 Universal, mentre i file delle pubblicazioni sono rilasciati con licenza Attribuzione 4.0 Internazionale (CC BY 4.0), salvo diversa indicazione.
In caso di violazione di copyright, contattare Supporto Iris




