ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions

Ying Dar Lin; Jehoshua Hanky Pratama; Didik Sudyana; Yuan Cheng Lai; Ren Hung Hwang; Po Ching Lin; Hsuan Yu Lin; Wei Bin Lee; Chen Kuo Chiang

doi:10.1016/j.jisa.2022.103348

ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions

Ying Dar Lin, Jehoshua Hanky Pratama, Didik Sudyana, Yuan Cheng Lai, Ren Hung Hwang, Po Ching Lin^*, Hsuan Yu Lin, Wei Bin Lee, Chen Kuo Chiang

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

Network intrusion detection systems (NIDSs) now adopt machine learning (ML) for detection of wide attack variants. However, ML is also known vulnerable to adversarial attacks, which can degrade the accuracy of ML. A number of defense strategies have been proposed but mostly in image classification areas. In this work, we propose Ensemble Learning with Adversarial Training (ELAT) to combine adversarial training and ensemble learning into a solution. We compare four approaches: single, ensemble, adversarial and ELAT. In the experiments, several models were developed and tested using different approaches to know which method is robust against adversarial attacks for ML-based NIDSs. The average F1 score for the single models was 0.93 within a wide range (0.82-0.99), but dropped to 0.29 when facing adversarial attacks, particularly dropped to 0.07 caused by the strongest attack, Projected Gradient Descent (PGD). With ensemble, adversarial and ELAT, the average scores were recovered to 0.80, 0.88 and 0.91, respectively. In addition, this work involves prediction of the models and approach implemented behind the system using cosine similarity with an accuracy of 99.9%.

Original language	English
Article number	103348
Journal	Journal of Information Security and Applications
Volume	71
DOIs	https://doi.org/10.1016/j.jisa.2022.103348
State	Published - Dec 2022

Keywords

Adversarial attack
Ensemble learning
Intrusion detection
Machine learning

Access to Document

10.1016/j.jisa.2022.103348

Cite this

@article{6a1ca0dd12614868a88e61b6b6b77c28,

title = "ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions",

abstract = "Network intrusion detection systems (NIDSs) now adopt machine learning (ML) for detection of wide attack variants. However, ML is also known vulnerable to adversarial attacks, which can degrade the accuracy of ML. A number of defense strategies have been proposed but mostly in image classification areas. In this work, we propose Ensemble Learning with Adversarial Training (ELAT) to combine adversarial training and ensemble learning into a solution. We compare four approaches: single, ensemble, adversarial and ELAT. In the experiments, several models were developed and tested using different approaches to know which method is robust against adversarial attacks for ML-based NIDSs. The average F1 score for the single models was 0.93 within a wide range (0.82-0.99), but dropped to 0.29 when facing adversarial attacks, particularly dropped to 0.07 caused by the strongest attack, Projected Gradient Descent (PGD). With ensemble, adversarial and ELAT, the average scores were recovered to 0.80, 0.88 and 0.91, respectively. In addition, this work involves prediction of the models and approach implemented behind the system using cosine similarity with an accuracy of 99.9%.",

keywords = "Adversarial attack, Ensemble learning, Intrusion detection, Machine learning",

author = "Lin, {Ying Dar} and Pratama, {Jehoshua Hanky} and Didik Sudyana and Lai, {Yuan Cheng} and Hwang, {Ren Hung} and Lin, {Po Ching} and Lin, {Hsuan Yu} and Lee, {Wei Bin} and Chiang, {Chen Kuo}",

note = "Publisher Copyright: {\textcopyright} 2022 Elsevier Ltd",

year = "2022",

month = dec,

doi = "10.1016/j.jisa.2022.103348",

language = "English",

volume = "71",

journal = "Journal of Information Security and Applications",

issn = "2214-2134",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - ELAT

T2 - Ensemble Learning with Adversarial Training in defending against evaded intrusions

AU - Lin, Ying Dar

AU - Pratama, Jehoshua Hanky

AU - Sudyana, Didik

AU - Lai, Yuan Cheng

AU - Hwang, Ren Hung

AU - Lin, Po Ching

AU - Lin, Hsuan Yu

AU - Lee, Wei Bin

AU - Chiang, Chen Kuo

PY - 2022/12

Y1 - 2022/12

N2 - Network intrusion detection systems (NIDSs) now adopt machine learning (ML) for detection of wide attack variants. However, ML is also known vulnerable to adversarial attacks, which can degrade the accuracy of ML. A number of defense strategies have been proposed but mostly in image classification areas. In this work, we propose Ensemble Learning with Adversarial Training (ELAT) to combine adversarial training and ensemble learning into a solution. We compare four approaches: single, ensemble, adversarial and ELAT. In the experiments, several models were developed and tested using different approaches to know which method is robust against adversarial attacks for ML-based NIDSs. The average F1 score for the single models was 0.93 within a wide range (0.82-0.99), but dropped to 0.29 when facing adversarial attacks, particularly dropped to 0.07 caused by the strongest attack, Projected Gradient Descent (PGD). With ensemble, adversarial and ELAT, the average scores were recovered to 0.80, 0.88 and 0.91, respectively. In addition, this work involves prediction of the models and approach implemented behind the system using cosine similarity with an accuracy of 99.9%.

AB - Network intrusion detection systems (NIDSs) now adopt machine learning (ML) for detection of wide attack variants. However, ML is also known vulnerable to adversarial attacks, which can degrade the accuracy of ML. A number of defense strategies have been proposed but mostly in image classification areas. In this work, we propose Ensemble Learning with Adversarial Training (ELAT) to combine adversarial training and ensemble learning into a solution. We compare four approaches: single, ensemble, adversarial and ELAT. In the experiments, several models were developed and tested using different approaches to know which method is robust against adversarial attacks for ML-based NIDSs. The average F1 score for the single models was 0.93 within a wide range (0.82-0.99), but dropped to 0.29 when facing adversarial attacks, particularly dropped to 0.07 caused by the strongest attack, Projected Gradient Descent (PGD). With ensemble, adversarial and ELAT, the average scores were recovered to 0.80, 0.88 and 0.91, respectively. In addition, this work involves prediction of the models and approach implemented behind the system using cosine similarity with an accuracy of 99.9%.

KW - Adversarial attack

KW - Ensemble learning

KW - Intrusion detection

KW - Machine learning

UR - http://www.scopus.com/inward/record.url?scp=85140973259&partnerID=8YFLogxK

U2 - 10.1016/j.jisa.2022.103348

DO - 10.1016/j.jisa.2022.103348

M3 - Article

AN - SCOPUS:85140973259

SN - 2214-2134

VL - 71

JO - Journal of Information Security and Applications

JF - Journal of Information Security and Applications

M1 - 103348

ER -

ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this