arxiv: 2602.10299 · v2 · submitted 2026-02-10 · 💻 cs.CR

Recognition: 2 theorem links

· Lean Theorem

The Role of Learning in Attacking ML-based Network Intrusion Detection

Kyle Domico , Jean-Charles Noirot Ferrand , Patrick McDaniel

Authors on Pith no claims yet

Pith reviewed 2026-05-16 02:05 UTC · model grok-4.3

classification 💻 cs.CR

keywords reinforcement learningadversarial attacksnetwork intrusion detectionevasionsurrogate modelstransferabilityML robustnessNetFlow

0 comments

The pith

Reinforcement learning agents learn reusable policies that attack ML-based network intrusion detectors up to 1042 times more efficiently than gradient-based methods.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Machine learning models used to detect network intrusions can be fooled by small changes to malicious traffic flows. The paper trains reinforcement learning agents on surrogate detectors to discover effective perturbation strategies, then packages those strategies into fast policies that need no gradients or model access when deployed. This split between training and execution lets the agents work on any model type, including non-differentiable classifiers, and run at speeds that support large-scale testing. A reader would care because existing gradient attacks are too slow and too restricted to serve as practical tools for ongoing robustness checks across real network environments.

Core claim

Lightweight adversarial agents trained via reinforcement learning decouple the cost of learning an evasion strategy from the cost of executing it. Agents learn offline to perturb malicious NetFlow records to evade surrogate intrusion detection models and encode the strategy into a reusable policy requiring no gradient computation at deployment. On four NetFlow datasets the agents reach 58.1 percent attack success at 0.31 milliseconds per attack, deliver up to 1,042 times higher throughput than gradient methods, and maintain 29.8 percent success on non-differentiable targets where gradient transfer loses more than 59 percent effectiveness.

What carries the argument

Reinforcement learning policy trained on surrogate models to generate fast, gradient-free perturbations that evade NetFlow-based intrusion detection.

If this is right

Agents achieve up to 58.1 percent attack success while operating at 0.31 milliseconds per attack.
Throughput improves by up to 1,042 times relative to gradient-based optimization.
Gradient-based methods lose over 59 percent of their effectiveness on non-differentiable targets due to surrogate transfer, whereas RL agents evaluate those models directly at 29.8 percent success.
Agents generalize across previously unseen model architectures and across different traffic distributions.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The speed of these agents could enable continuous, automated robustness monitoring inside live network defense systems.
Direct access to non-differentiable models expands the set of practical classifiers that can be stress-tested at scale.
The transferability results suggest RL policies may handle shifts in network traffic patterns more gracefully than gradient attacks.
Applying the same agents to streaming rather than batched NetFlow data would provide a direct test of real-time viability.

Load-bearing premise

Perturbations generated by RL agents on surrogate models transfer effectively to real target models and the learned policies remain effective on new traffic distributions without retraining.

What would settle it

An experiment that applies the trained RL agents to a held-out target model using traffic drawn from a markedly different distribution and records attack success below 10 percent would falsify the claim of practical, scalable evaluation.

Figures

Figures reproduced from arXiv: 2602.10299 by Jean-Charles Noirot Ferrand, Kyle Domico, Patrick McDaniel.

**Figure 1.** Figure 1: Attack Overview: The adversary uses network traffic data collected via reconnaissance to train an adversarial agent to be used in bot deployment to evade NIDS. cloud providers, IoT ecosystems). This data enables the training of surrogate models that aim to approximate the target NIDS model. In our evaluation, we simulate this reconnaissance by dataset partitioning, where we assume the adversary has obtai… view at source ↗

**Figure 2.** Figure 2: Threat Models: Comparison of threat model scenarios dependent on access to the victim NIDS model and reconnaissance data. on arbitrary surrogate model architectures to transfer to the target system (see Evaluation in Section 6). 4 Preliminaries We overview the goal of learning an attack strategy (i.e., policy) and define the process that enables the adversary to train an agent with RL to evade NIDS. Prob… view at source ↗

**Figure 3.** Figure 3: The three-phase attack pipeline proceeds in four sequential steps: (1) [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗

**Figure 4.** Figure 4: Victim NIDS Model Accuracy: F1 score on test NetFlow datasets of each machine learning model. 6 Evaluation With our framework to train and deploy a lightweight agent to evade NIDS, we evaluate our approach on a combination of NetFlow datasets and ML models. We ask the following: RQ1. Does an agent learn a strategy that outperforms existing attack methods? (Section 6.2) RQ2. What categories of known attack … view at source ↗

**Figure 5.** Figure 5: Pre and Post Offline Training Performance: The increase in attack success rate (%) observed before RL training for each victim model across (Left) surrogate ML model architectures and (Right) NetFlow RL training datasets. training loop, the policy πθ produced is what is used to deploy in the attack. Data Partitioning. Each dataset D is divided into three splits: Dvictim for training the victim NIDS model, … view at source ↗

**Figure 6.** Figure 6: Attack Length Tradeoffs: Attack success and latency performance at various attack steps given to the agent across (a) different models and (b) different datasets. more difficult. This disparity suggests that as defenders shift toward gradient-boosted trees for high-accuracy detection, they inadvertently force adversaries to adopt more sophisticated strategies to identify vulnerabilities. From the NIDS dat… view at source ↗

**Figure 7.** Figure 7: Network Attack Effectiveness: The attack success rate of the trained agents on specific cyberattack categories as a function of the maximum perturbation budgets by NetFlow feature type. Attack Category Total Samples Discovery & Reconnaissance 10,172 (25.4%) Denial of Service 9,566 (23.9%) Exploitation & Injection 8,958 (22.4%) Malware & Persistence 5,936 (14.8%) Access & Authentication 4,539 (11.3%) Networ… view at source ↗

**Figure 8.** Figure 8: Attack Success by Threat Model: Comparison of Attack Success Rate (%) achievable by agents in four distinct adversarial settings. without fundamentally altering the attack. This suggests that volumetric-based detection is fragile, and attackers launching DoS, Brute Force, or Infiltration can evade detection without compromising the attack. In contrast, the Malware & Persistence category is robust to budget… view at source ↗

**Figure 9.** Figure 9: Attack Success by Data Size: Attack success rate (%) at varying sizes of Dtrain across datasets used to train the agent in settings where the NIDS model is known and when it is not. mation deficit, the agent maintains a stable lower bound with a performance drop of 25% compared to the white-box setting. Across all threat models, a similar pattern can be observed for the attack success for different victim… view at source ↗

read the original abstract

Machine learning (ML)-based network intrusion detection is susceptible to attacks that perturb malicious network flows to evade detection. Existing approaches to evaluating the robustness of these models rely on gradient-based optimization that are computationally expensive and restricted to differentiable model architectures. This limits their practicality for continuous, large-scale evaluation. To address this, we develop lightweight adversarial agents trained via reinforcement learning (RL) that decouples the cost of learning an evasion strategy from the cost of executing it. These agents learn offline to perturb malicious NetFlow records to evade surrogate intrusion detection models, encoding the resulting strategy into a reusable policy that requires no gradient computation at deployment. We evaluate our approach on four NetFlow datasets spanning enterprise, cloud, and IoT environments against diverse model architectures, including non-differentiable classifiers that gradient-based methods cannot evaluate directly. Agents achieve up to 58.1% attack success at 0.31ms per attack demonstrating up to 1,042X improvement in throughput (attack success per ms) over gradient-based methods. On non-differentiable targets, gradient-based methods lose over 59% of their effectiveness to surrogate transfer, while the RL agent evaluates these models directly at 29.8% attack success. We further conduct a comprehensive transferability study on ML-based intrusion detection, evaluating agent generalization across unseen model architectures and traffic distributions. Our results establish lightweight RL agents as a practical and scalable tool for continuous ML robustness evaluation across diverse network intrusion detection environments.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

RL agents deliver fast direct attacks on NIDS models with clear speed gains over gradients, though transfer to shifted traffic remains the key open question.

read the letter

The main point is that these RL agents learn evasion policies offline on surrogates and then apply them at runtime with no gradients, which lets them attack non-differentiable NIDS models directly and run far more attacks per second than gradient optimization. They report up to 58 percent success at 0.31 ms per attack on NetFlow data, for a claimed 1042X throughput improvement, and they keep 30 percent success on non-differentiable targets where transferred gradients drop sharply. The evaluation covers four datasets across enterprise, cloud, and IoT settings plus a transfer study on architectures and distributions. That separation of learning cost from execution cost is the practical step forward and the speed numbers are the clearest evidence they provide. The experiments look broad enough to back the central claims about scalability for continuous robustness checks. The soft spot is generalization. The stress-test note is right to flag that success on held-out distributions could look better if those sets are only mildly different from training traffic. Production flows often drift more than that, so the paper would be stronger with explicit degradation numbers on harder shifts or a clearer statement of how much retraining the policies need. Readers working on ML security for networks will get the most from it; the method gives them a tool that works where gradients do not. It has enough concrete results and addresses a real bottleneck, so it deserves a serious referee even if some revision on the transfer details is needed.

Referee Report

3 major / 1 minor

Summary. The manuscript introduces reinforcement learning (RL) agents that learn offline to generate perturbations on malicious NetFlow records for evading ML-based network intrusion detection systems (NIDS). The agents encode evasion strategies into reusable policies that require no gradients at deployment, enabling direct attacks on non-differentiable classifiers. Reported results include up to 58.1% attack success at 0.31 ms per attack (1,042X throughput improvement over gradient-based methods), 29.8% success on non-differentiable targets (where gradient methods lose >59% effectiveness on surrogate transfer), and a transferability study across unseen architectures and traffic distributions.

Significance. If the empirical claims hold, the work provides a practical, scalable alternative to gradient-based adversarial evaluation for NIDS robustness. The decoupling of offline learning from fast online execution, combined with applicability to non-differentiable models, could support continuous large-scale robustness assessment across enterprise, cloud, and IoT environments.

major comments (3)

[Abstract and §4] Abstract and §4 (Evaluation): The headline claims of 58.1% success, 0.31 ms per attack, and 1,042X throughput improvement are presented without the corresponding per-attack latency and success numbers for the gradient-based baselines in the identical experimental setting, preventing independent verification of the speedup factor.
[Transferability study] Transferability study (likely §5): The reported 29.8% success on non-differentiable targets and generalization across unseen distributions rest on the assumption that held-out traffic is representative of production shifts; if the distributions are only mildly shifted (same protocol family, similar feature statistics), the robustness claims for continuous evaluation could be overstated.
[§3] §3 (Methodology): The RL environment definition, reward function, state representation (NetFlow features), and policy architecture are not described with sufficient detail to reproduce the offline training or confirm that the learned policies remain effective without retraining on new traffic.

minor comments (1)

[Abstract] Clarify the exact definition of 'throughput (attack success per ms)' with an equation or formula to avoid ambiguity in the comparison.

Circularity Check

0 steps flagged

No circularity: results are direct empirical measurements from RL training and evaluation

full rationale

The paper reports experimental outcomes from training lightweight RL agents offline on surrogate models and then measuring attack success rates, throughput, and transferability on held-out datasets and non-differentiable targets. No derivation chain, equations, or predictions are presented that reduce to fitted inputs by construction. All performance numbers (58.1% success, 0.31 ms, 1042X throughput, 29.8% on non-differentiable models) are obtained via direct execution of the learned policy rather than any self-referential fitting or renaming of known results. Self-citations, if present, are not load-bearing for the central empirical claims.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No explicit free parameters, axioms, or invented entities are described in the abstract; the work is presented as an empirical engineering contribution.

pith-pipeline@v0.9.0 · 5566 in / 1156 out tokens · 61380 ms · 2026-05-16T02:05:05.228495+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

We define the reward function R:S→R as R(s) = (1 − ∥(φ(s)⊖φ(s0))⊘Tε∥∞ if f̃(s)=0 else 0
IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

The agent is trained to optimize E_πθ [∑_{t=0}^{T-1} R(s_t)]

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

29 extracted references · 29 canonical work pages · 2 internal anchors

[1]

MITRE ATT&CK: State of the Art and Way Forward

Bader Al-Sada, Alireza Sadighian, and Gabriele Oligeri. MITRE ATT&CK: State of the Art and Way Forward. ACM Comput. Surv., 57(1), October 2024

work page 2024
[2]

Alani, Atefeh Mashatan, and Ali Miri

Mohammed M. Alani, Atefeh Mashatan, and Ali Miri. Building Detection-Resistant Reconnaissance Attacks Based on Adversarial Explainability. InProceedings of the 10th ACM Cyber-Physical System Security Work- shop, CPSS ’24, pages 16–23, New York, NY , USA,

work page
[3]

Association for Computing Machinery

work page
[4]

TON_iot Telemetry Dataset: A New Generation Dataset of IoT and IIoT for Data-Driven Intrusion Detection Systems.IEEE Access, 8:165130–165150, 2020

Abdullah Alsaedi, Nour Moustafa, Zahir Tari, Abdun Mahmood, and Adnan Anwar. TON_iot Telemetry Dataset: A New Generation Dataset of IoT and IIoT for Data-Driven Intrusion Detection Systems.IEEE Access, 8:165130–165150, 2020

work page 2020
[5]

Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou

Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Za- kir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. Understanding the mirai botnet. InProceedings of the 26th USENIX Co...

work page 2017
[6]

OpenAI Gym

Greg Brockman, Vicki Cheung, Ludwig Pettersson, Jonas Schneider, John Schulman, Jie Tang, and Wojciech Zaremba. OpenAI Gym, June 2016. arXiv:1606.01540 [cs]

work page internal anchor Pith review Pith/arXiv arXiv 2016
[7]

A systematic literature review on advanced persistent threat behaviors and its detec- tion strategy.Journal of Cybersecurity, 10(1):tyad023, January 2024

Nur Ilzam Che Mat, Norziana Jamil, Yunus Yusoff, and Miss Laiha Mat Kiah. A systematic literature review on advanced persistent threat behaviors and its detec- tion strategy.Journal of Cybersecurity, 10(1):tyad023, January 2024

work page 2024
[8]

Jordan, and Martin J

Jianbo Chen, Michael I. Jordan, and Martin J. Wain- wright. Hopskipjumpattack: A query-efficient decision- based attack. In2020 IEEE Symposium on Security and Privacy (SP), pages 1277–1294, 2020

work page 2020
[9]

XGBoost: A Scalable Tree Boosting System

Tianqi Chen and Carlos Guestrin. XGBoost: A Scalable Tree Boosting System. InProceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’16, pages 785–794, New York, NY , USA, 2016. Association for Computing Machinery

work page 2016
[10]

Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems.Computers & Se- curity, 129:103176, 2023

Islam Debicha, Benjamin Cochez, Tayeb Kenaza, Thibault Debatty, Jean-Michel Dricot, and Wim Mees. Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems.Computers & Se- curity, 129:103176, 2023

work page 2023
[11]

PentestGPT: Evaluating and harnessing large language models for automated pene- tration testing

Gelei Deng, Yi Liu, Víctor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu, Martin Pinzger, and Stefan Rass. PentestGPT: Evaluating and harnessing large language models for automated pene- tration testing. In33rd USENIX Security Symposium (USENIX Security 24), pages 847–864, Philadelphia, PA, August 2024. USENIX Association

work page 2024
[12]

Ad- dressing function approximation error in actor-critic methods

Scott Fujimoto, Herke van Hoof, and David Meger. Ad- dressing function approximation error in actor-critic methods. In Jennifer Dy and Andreas Krause, editors, Proceedings of the 35th International Conference on Ma- chine Learning (ICML), volume 80 ofProceedings of Machine Learning Research, pages 1587–1596. PMLR, 10–15 Jul 2018

work page 2018
[13]

Soft actor-critic: Off-policy maximum entropy deep reinforcement

Tuomas Haarnoja, Aurick Zhou, Pieter Abbeel, and Sergey Levine. Soft actor-critic: Off-policy maximum entropy deep reinforcement. InProceedings of the 35th International Conference on Machine Learning (ICML). July 10th-15th, Stockholm, Sweden, volume 1870, 1861

work page
[14]

Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova, and Benjamin Turnbull. Towards the development of re- alistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset.Future Generation Computer Systems, 100:779–796, 2019. 14

work page 2019
[15]

Towards deep learning models resistant to adversarial attacks

Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. Towards deep learning models resistant to adversarial attacks. In International Conference on Learning Representations (ICLR), 2018

work page 2018
[16]

Asynchronous methods for deep reinforcement learning

V olodymyr Mnih, Adria Puigdomenech Badia, Mehdi Mirza, Alex Graves, Timothy Lillicrap, Tim Harley, David Silver, and Koray Kavukcuoglu. Asynchronous methods for deep reinforcement learning. InInterna- tional Conference on Machine Learning (ICML), pages 1928–1937. PmLR, 2016

work page 1928
[17]

UNSW-NB15: a com- prehensive data set for network intrusion detection sys- tems (UNSW-NB15 network data set)

Nour Moustafa and Jill Slay. UNSW-NB15: a com- prehensive data set for network intrusion detection sys- tems (UNSW-NB15 network data set). In2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6, November 2015

work page 2015
[18]

DeepCorr: Strong Flow Correlation Attacks on Tor Us- ing Deep Learning

Milad Nasr, Alireza Bahramali, and Amir Houmansadr. DeepCorr: Strong Flow Correlation Attacks on Tor Us- ing Deep Learning. InProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS ’18, pages 1962–1976, New York, NY , USA, October 2018. Association for Computing Ma- chinery

work page 2018
[19]

Defeating DNN-Based traffic analysis systems in Real- Time with blind adversarial perturbations

Milad Nasr, Alireza Bahramali, and Amir Houmansadr. Defeating DNN-Based traffic analysis systems in Real- Time with blind adversarial perturbations. In30th USENIX Security Symposium (USENIX Security 21), pages 2705–2722. USENIX Association, August 2021

work page 2021
[20]

Flow-based Detec- tion and Proxy-based Evasion of Encrypted Malware C2 Traffic

Carlos Novo and Ricardo Morla. Flow-based Detec- tion and Proxy-based Evasion of Encrypted Malware C2 Traffic. InProceedings of the 13th ACM Workshop on Artificial Intelligence and Security, AISec’20, pages 83–91, New York, NY , USA, 2020. Association for Com- puting Machinery

work page 2020
[21]

Scikit-learn: Machine Learn- ing in Python.J

Fabian Pedregosa, Gaël Varoquaux, Alexandre Gram- fort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Peter Prettenhofer, Ron Weiss, Vin- cent Dubourg, Jake Vanderplas, Alexandre Passos, David Cournapeau, Matthieu Brucher, Matthieu Perrot, and Édouard Duchesnay. Scikit-learn: Machine Learn- ing in Python.J. Mach. Learn. Res., 12(null)...

work page 2011
[22]

Stable-Baselines3: Reliable Reinforcement Learning Im- plementations.Journal of Machine Learning Research, 22(268):1–8, 2021

Antonin Raffin, Ashley Hill, Adam Gleave, Anssi Kanervisto, Maximilian Ernestus, and Noah Dormann. Stable-Baselines3: Reliable Reinforcement Learning Im- plementations.Journal of Machine Learning Research, 22(268):1–8, 2021

work page 2021
[23]

NetFlow Datasets for Machine Learning-Based Network Intrusion Detection Systems

Mohanad Sarhan, Siamak Layeghy, Nour Moustafa, and Marius Portmann. NetFlow Datasets for Machine Learning-Based Network Intrusion Detection Systems. In Zeng Deze, Huan Huang, Rui Hou, Seungmin Rho, and Naveen Chilamkurti, editors,Big Data Technologies and Applications, pages 117–135, Cham, 2021. Springer International Publishing

work page 2021
[24]

Towards a Standard Feature Set for Network Intrusion Detection System Datasets.Mobile Networks and Applications, 27(1):357–370, February 2022

Mohanad Sarhan, Siamak Layeghy, and Marius Port- mann. Towards a Standard Feature Set for Network Intrusion Detection System Datasets.Mobile Networks and Applications, 27(1):357–370, February 2022

work page 2022
[25]

Proximal Policy Optimization Algorithms

John Schulman, Filip Wolski, Prafulla Dhariwal, Alec Radford, and Oleg Klimov. Proximal policy optimiza- tion algorithms.arXiv preprint arXiv:1707.06347, 2017

work page internal anchor Pith review Pith/arXiv arXiv 2017
[26]

Toward generating a new intrusion detection dataset and intrusion traffic characterization

Iman Sharafaldin, Arash Habibi Lashkari, Ali A Ghor- bani, and others. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp, 1(2018):108–116, 2018

work page 2018
[27]

Weisman, and Patrick McDaniel

Ryan Sheatsley, Blaine Hoak, Eric Pauley, Yohan Beu- gin, Michael J. Weisman, and Patrick McDaniel. On the robustness of domain constraints. InProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS ’21, page 495–515, New York, NY , USA, 2021. Association for Computing Machinery

work page 2021
[28]

Weisman, Gunjan Verma, and Patrick McDaniel

Ryan Sheatsley, Nicolas Papernot, Michael J. Weisman, Gunjan Verma, and Patrick McDaniel. Adversarial ex- amples for network intrusion detection systems.J. Com- put. Secur., 30(5):727–752, January 2022. Place: NLD

work page 2022
[29]

Hierarchical classification for intrusion detection sys- tem: Effective design and empirical analysis.Ad Hoc Networks, 178:103982, 2025

Md Ashraf Uddin, Sunil Aryal, Mohamed Reda Bouad- jenek, Muna Al-Hawawreh, and Md Alamin Talukder. Hierarchical classification for intrusion detection sys- tem: Effective design and empirical analysis.Ad Hoc Networks, 178:103982, 2025. A Attack Distribution 15 Dataset Attack Type Count % BoT-IoTReconnaissance 8,140 81.4% DDoS 926 9.3% DoS 909 9.1% Theft 2...

work page 2025