ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions

Ying Dar Lin, Jehoshua Hanky Pratama, Didik Sudyana, Yuan Cheng Lai, Ren Hung Hwang, Po Ching Lin*, Hsuan Yu Lin, Wei Bin Lee, Chen Kuo Chiang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


Network intrusion detection systems (NIDSs) now adopt machine learning (ML) for detection of wide attack variants. However, ML is also known vulnerable to adversarial attacks, which can degrade the accuracy of ML. A number of defense strategies have been proposed but mostly in image classification areas. In this work, we propose Ensemble Learning with Adversarial Training (ELAT) to combine adversarial training and ensemble learning into a solution. We compare four approaches: single, ensemble, adversarial and ELAT. In the experiments, several models were developed and tested using different approaches to know which method is robust against adversarial attacks for ML-based NIDSs. The average F1 score for the single models was 0.93 within a wide range (0.82-0.99), but dropped to 0.29 when facing adversarial attacks, particularly dropped to 0.07 caused by the strongest attack, Projected Gradient Descent (PGD). With ensemble, adversarial and ELAT, the average scores were recovered to 0.80, 0.88 and 0.91, respectively. In addition, this work involves prediction of the models and approach implemented behind the system using cosine similarity with an accuracy of 99.9%.

Original languageEnglish
Article number103348
JournalJournal of Information Security and Applications
StatePublished - Dec 2022


  • Adversarial attack
  • Ensemble learning
  • Intrusion detection
  • Machine learning


Dive into the research topics of 'ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions'. Together they form a unique fingerprint.

Cite this