DeepRed - A Deep Learning-Powered Command and Control Framework for Multi-Stage Red Teaming Against ML-based Network Intrusion Detection Systems

Explore an innovative deep learning-powered command and control framework designed for multi-stage red teaming operations against machine learning-based network intrusion detection systems in this 22-minute conference presentation. Learn how DeepRed addresses critical shortcomings in existing adversarial machine learning studies by implementing realistic threat models that operate at the packet level while preserving attack functionality after perturbation. Discover how the framework leverages Generative Adversarial Networks (GANs) to generate adversarial examples that comply with TCP/IP constraints and can be realized as packet-level perturbations. Examine two novel attack strategies - Single-Packet Single-Feature (SPSF) and Single-Feature Perturbation (SFP) - that achieve evasion under highly constrained conditions with minimal perturbation requirements. Understand the comprehensive ML-NIDS benchmarking dataset built from red-team exercises containing both benign and malicious traffic, and explore pipeline-independent adversarial testing methodologies for evaluating state-of-the-art models like FlowTransformer and SSCL-IDS across varying features, training data, and preprocessing pipelines. Analyze research results demonstrating DeepRed's capability to reduce detection rates by up to 20% while maintaining a stealthy post-exploitation communication channel and operational integrity, highlighting critical vulnerabilities in machine learning-based network security systems.