Hajizadeh, Mehrdad, Golchin, Pegah, Nowroozi, Ehsan ORCID: https://orcid.org/0000-0002-5714-8378, Rigaki, Maria, Valeros, Veronica, Garcia, Sebastian, Conti, Mauro and Bauschert, Thomas (2025) DeepRed: a deep learning-powered command and control framework for multi-stage red teaming against ML-based network intrusion detection systems. In: WOOT '25: Proceedings of the 19th USENIX WOOT Conference on Offensive Technologies. August 11–12, 2025. USENIX The Advanced Computing Systems Association, Seattle, WA, USA, pp. 103-127. ISBN 978-1939133502

PDF (Conference Paper VoR) 52010 NOWROOZI_DeepRed_A_Deep_Learning-Powered_Command_And_Control_Framework_For_Multi-Stage_(CONFERENCE PAPER VoR)_2025.pdf - Published Version Restricted to Repository staff only until 11 August 2026. Download (1MB) | Request a copy

Abstract

Emerging studies demonstrate that machine learning (ML) has the potential to improve the detection capabilities of network intrusion detection systems (NIDS) against evolving cyber threats. However, recent adversarial ML (AML) studies have revealed critical ML vulnerabilities. This paper presents innovative multistage red-teaming techniques to evaluate the robustness of ML-NIDS in real-world adversarial settings. Although extensive research has been conducted in this area, existing studies have critical shortcomings: (1) relying on unrealistic threat models, (2) focusing on traffic flow perturbation for evasion while neglecting that malicious activity occurs at the packet level, and (3) failing to preserve attack functionality after perturbation.
Guided by offensive security principles, we present DeepRed, an ML-powered Command and Control (C2) framework designed to evade targeted ML-NIDS while maintaining a stealthy post-exploitation communication channel. DeepRed leverages Generative Adversarial Networks (GANs) to generate adversarial examples that comply with TCP/IP constraints and are realizable as packet-level perturbations. We further propose two novel attack strategies, Single-Packet Single-Feature (SPSF) and Single-Feature Perturbation (SFP), to achieve evasion under highly constrained conditions with minimal perturbation. To enable robust evaluation, we built a comprehensive ML-NIDS benchmarking dataset containing benign and malicious traffic from our red-team exercises. Additionally, we introduce pipeline-independent adversarial testing to evaluate state-of-the-art models, such as FlowTransformer and SSCL-IDS, across varying features, training data, and preprocessing pipelines--while preserving attack functionality. Results demonstrate that DeepRed can reduce detection rates by up to 20%, highlighting the framework's ability to bypass ML-NIDS while maintaining operational integrity.

Item Type:	Conference Proceedings
Title of Proceedings:	WOOT '25: Proceedings of the 19th USENIX WOOT Conference on Offensive Technologies. August 11–12, 2025
Additional Information:	“Copyright to this work is retained by the author(s). Permission is granted for the non‑commercial reproduction of the complete work for educational or research purposes.” The paper was first published in the WOOT ’25 proceedings. Authors retain copyright; USENIX reserves exclusive publication rights only for the first 12 months - MP
Uncontrolled Keywords:	Adversarial Machine Learning, Network Intrusion Detection Systems (NIDS), Red Teaming, Command and Control (C2),. defence evasion, Generative Adversarial Networks (GANs), Packet-Level Traffic Manipulation, flow-based network analysis, ML security evaluation, adversarial example transferability, MITRE ATT&CK and MITRE ATLAS, post-exploitation techniques, Stealthy Network Communications, Machine Learning robustness, cyber offense simulation
Subjects:	Q Science > Q Science (General) Q Science > QA Mathematics Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group:	Faculty of Engineering & Science Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Related URLs:	Publisher Publisher Publisher
Last Modified:	18 Dec 2025 10:59
URI:	https://gala.gre.ac.uk/id/eprint/52010

Actions (login required)

View Item

Downloads