ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions

Ying-Dar Lin, Jehoshua Hanky Pratama, Didik Sudyana, Yuan Cheng Lai, Ren Hung Hwang, Po Ching Lin*, Hsuan Yu Lin, Wei Bin Lee, Chen Kuo Chiang


研究成果: Article同行評審


Network intrusion detection systems (NIDSs) now adopt machine learning (ML) for detection of wide attack variants. However, ML is also known vulnerable to adversarial attacks, which can degrade the accuracy of ML. A number of defense strategies have been proposed but mostly in image classification areas. In this work, we propose Ensemble Learning with Adversarial Training (ELAT) to combine adversarial training and ensemble learning into a solution. We compare four approaches: single, ensemble, adversarial and ELAT. In the experiments, several models were developed and tested using different approaches to know which method is robust against adversarial attacks for ML-based NIDSs. The average F1 score for the single models was 0.93 within a wide range (0.82-0.99), but dropped to 0.29 when facing adversarial attacks, particularly dropped to 0.07 caused by the strongest attack, Projected Gradient Descent (PGD). With ensemble, adversarial and ELAT, the average scores were recovered to 0.80, 0.88 and 0.91, respectively. In addition, this work involves prediction of the models and approach implemented behind the system using cosine similarity with an accuracy of 99.9%.

期刊Journal of Information Security and Applications
出版狀態Published - 12月 2022


深入研究「ELAT: Ensemble Learning with Adversarial Training in defending against evaded intrusions」主題。共同形成了獨特的指紋。