Understanding the adversary: A survey of adversarial machine learning in network intrusion detection

Adversarial machine learning (AML) is a growing threat to network intrusion detection systems (NIDS). However, the literature remains fragmented across models, datasets, and evaluation practices. This survey provides a post-2021 synthesis of AML for machine learning-based NIDS and, to the best of our knowledge, is the first survey in this period to combine a coded corpus of 94 quality-screened primary studies (2022-2025) with a unified hierarchical taxonomy and quantitative mapping across threat models, methods, datasets, metrics, and reproducibility characteristics. Our analysis reveals persistent biases toward feature-space manipulation, dataset-specific dependencies, overly optimistic assumptions about adversary knowledge, and evasion-centric evaluation methodologies. It also identifies emerging trends, including ensemble-based defenses, IoT/ICS data realism, and enhanced reproducibility. Combining conceptual and quantitative perspectives, we establish a reproducible research mapping framework that identifies six open challenges defining the next stage of adversarially robust intrusion detection. Thus, we provide a roadmap toward trustworthy, empirically grounded, and operationally viable AML-NIDS in adversarial settings.