{"id":"https://openalex.org/W3134622107","doi":"https://doi.org/10.1109/tifs.2022.3201377","title":"TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack","display_name":"TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W3134622107","doi":"https://doi.org/10.1109/tifs.2022.3201377","mag":"3134622107"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2022.3201377","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2022.3201377","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.1109/TIFS.2022.3201377","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078700468","display_name":"Yam Sharon","orcid":null},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Yam Sharon","raw_affiliation_strings":["Software and Information Systems Engineering, Ben-Gurion University of the Negev, Be’er Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Software and Information Systems Engineering, Ben-Gurion University of the Negev, Be’er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036832270","display_name":"David Berend","orcid":"https://orcid.org/0000-0001-6428-5234"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"David Berend","raw_affiliation_strings":["Nanyang Technological University, Jurong West, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Jurong West, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["Nanyang Technological University, Jurong West, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Jurong West, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002391103","display_name":"Asaf Shabtai","orcid":"https://orcid.org/0000-0003-0630-4059"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Asaf Shabtai","raw_affiliation_strings":["Software and Information Systems Engineering, Ben-Gurion University of the Negev, Be’er Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Software and Information Systems Engineering, Ben-Gurion University of the Negev, Be’er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072913672","display_name":"Yuval Elovici","orcid":"https://orcid.org/0000-0002-9641-128X"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Yuval Elovici","raw_affiliation_strings":["Software and Information Systems Engineering, Ben-Gurion University of the Negev, Be’er Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Software and Information Systems Engineering, Ben-Gurion University of the Negev, Be’er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5078700468"],"corresponding_institution_ids":["https://openalex.org/I124227911"],"apc_list":null,"apc_paid":null,"fwci":5.8196,"has_fulltext":false,"cited_by_count":44,"citation_normalized_percentile":{"value":0.96418564,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"17","issue":null,"first_page":"3225","last_page":"3237"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7821393609046936},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6585508584976196},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6467234492301941},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5871485471725464},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.445850670337677},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4396423399448395},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3345661163330078}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7821393609046936},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6585508584976196},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6467234492301941},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5871485471725464},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.445850670337677},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4396423399448395},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3345661163330078},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2022.3201377","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2022.3201377","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:zenodo.org:7512387","is_oa":true,"landing_page_url":"https://doi.org/10.1109/TIFS.2022.3201377","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Information Forensics and Security, 17, (2022-08-24)","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:7512387","is_oa":true,"landing_page_url":"https://doi.org/10.1109/TIFS.2022.3201377","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Information Forensics and Security, 17, (2022-08-24)","raw_type":"info:eu-repo/semantics/article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1958612786","display_name":null,"funder_award_id":"AISG2-RP-2020-019","funder_id":"https://openalex.org/F4320320671","funder_display_name":"National Research Foundation"},{"id":"https://openalex.org/G3212442299","display_name":null,"funder_award_id":"NRFI06-2020-0022-0001","funder_id":"https://openalex.org/F4320320671","funder_display_name":"National Research Foundation"},{"id":"https://openalex.org/G4045071619","display_name":null,"funder_award_id":"NRF2018NCR-NCR005-0001","funder_id":"https://openalex.org/F4320320671","funder_display_name":"National Research Foundation"},{"id":"https://openalex.org/G6828898563","display_name":null,"funder_award_id":"NRF2018NCR-NSOE003-0001","funder_id":"https://openalex.org/F4320320671","funder_display_name":"National Research Foundation"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":51,"referenced_works":["https://openalex.org/W1970978220","https://openalex.org/W1995443851","https://openalex.org/W2101234009","https://openalex.org/W2119256650","https://openalex.org/W2180612164","https://openalex.org/W2296719434","https://openalex.org/W2342408547","https://openalex.org/W2566782476","https://openalex.org/W2728257130","https://openalex.org/W2756489700","https://openalex.org/W2765427245","https://openalex.org/W2783084496","https://openalex.org/W2787957674","https://openalex.org/W2789828921","https://openalex.org/W2853623529","https://openalex.org/W2886533716","https://openalex.org/W2889645991","https://openalex.org/W2889836475","https://openalex.org/W2897104255","https://openalex.org/W2904981516","https://openalex.org/W2905238323","https://openalex.org/W2908403421","https://openalex.org/W2910068345","https://openalex.org/W2911424785","https://openalex.org/W2923778952","https://openalex.org/W2942239200","https://openalex.org/W2963197901","https://openalex.org/W2963207607","https://openalex.org/W2963612069","https://openalex.org/W2963857521","https://openalex.org/W2964153729","https://openalex.org/W2964159373","https://openalex.org/W2989093880","https://openalex.org/W3013436979","https://openalex.org/W3015481738","https://openalex.org/W3019200173","https://openalex.org/W3024548636","https://openalex.org/W3088420918","https://openalex.org/W3091254548","https://openalex.org/W3111088413","https://openalex.org/W3125803510","https://openalex.org/W4404049250","https://openalex.org/W6636391385","https://openalex.org/W6637162671","https://openalex.org/W6640425456","https://openalex.org/W6675354045","https://openalex.org/W6740230398","https://openalex.org/W6754600771","https://openalex.org/W6758101687","https://openalex.org/W6760279540","https://openalex.org/W6873698495"],"related_works":["https://openalex.org/W2373230814","https://openalex.org/W2169868145","https://openalex.org/W2357468538","https://openalex.org/W2127991899","https://openalex.org/W1577110157","https://openalex.org/W2990788608","https://openalex.org/W2355007334","https://openalex.org/W2390009783","https://openalex.org/W2808001300","https://openalex.org/W1548771250"],"abstract_inverted_index":{"Network":[0,98],"intrusion":[1,12,179,195],"attacks":[2,51,180],"are":[3],"a":[4,93,105,113,202],"known":[5],"threat.":[6],"To":[7],"detect":[8,37],"such":[9,156],"attacks,":[10],"network":[11,34,120,163,194],"detection":[13,78,196],"systems":[14,22],"(NIDSs)":[15],"have":[16,42],"been":[17],"developed":[18],"and":[19,165,181],"deployed.":[20],"These":[21],"apply":[23],"machine":[24],"learning":[25],"models":[26],"to":[27,36,75,125,141,206],"high-dimensional":[28],"vectors":[29],"of":[30,107,191],"features":[31,69],"extracted":[32,70],"from":[33,71],"traffic":[35,74,149,164],"intrusions.":[38],"Advances":[39],"in":[40,193],"NIDSs":[41,62],"made":[43],"it":[44],"challenging":[45],"for":[46],"attackers,":[47],"who":[48],"must":[49],"execute":[50],"without":[52,152],"being":[53],"detected":[54,169],"by":[55],"these":[56],"systems.":[57],"Prior":[58],"research":[59],"on":[60,66,176],"bypassing":[61],"has":[63],"mainly":[64],"focused":[65],"perturbing":[67],"the":[68,72,77,84,127,131,143,147],"attack":[73,111],"fool":[76],"system,":[79],"however,":[80],"this":[81,88,208],"may":[82],"jeopardize":[83],"attack’s":[85],"functionality.":[86],"In":[87],"work,":[89],"we":[90],"present":[91],"TANTRA,":[92],"novel":[94,203],"end-to-end":[95],"Timing-based":[96],"Adversarial":[97],"Traffic":[99],"Reshaping":[100],"Attack":[101],"that":[102,157],"can":[103],"bypass":[104],"variety":[106],"NIDSs.":[108],"Our":[109],"evasion":[110,210],"utilizes":[112],"long":[114],"short-term":[115],"memory":[116],"(LSTM)":[117],"deep":[118],"neural":[119],"(DNN)":[121],"which":[122],"is":[123,139],"trained":[124,137],"learn":[126],"time":[128,144],"differences":[129,145],"between":[130,146],"target":[132],"network’s":[133],"benign":[134,162],"packets.":[135],"The":[136],"LSTM":[138],"used":[140],"set":[142],"malicious":[148],"packets":[150],"(attack),":[151],"changing":[153],"their":[154],"content,":[155],"they":[158],"will":[159,166],"“behave”":[160],"like":[161],"not":[167],"be":[168],"as":[170],"an":[171,187],"intrusion.":[172],"We":[173,199],"evaluate":[174],"TANTRA":[175],"eight":[177],"common":[178],"three":[182],"state-of-the-art":[183],"NIDS":[184],"systems,":[185],"achieving":[186],"average":[188],"success":[189],"rate":[190],"99.99%":[192],"system":[197],"evasion.":[198],"also":[200],"propose":[201],"mitigation":[204],"technique":[205],"address":[207],"new":[209],"attack.":[211]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":15},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":5}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}