An enhanced ensemble defense framework for boosting adversarial robustness of intrusion detection systems

Abstract Machine learning (ML) and deep neural networks (DNN) have emerged as powerful tools for enhancing intrusion detection systems (IDS) in cybersecurity. However, recent studies have revealed their vulnerability to adversarial attacks, where maliciously perturbed traffic samples can deceive trained DNN-based detectors, leading to incorrect classifications and compromised system integrity. While numerous defense mechanisms have been proposed to mitigate these adversarial threats, many fail to achieve a balance between robustness against adversarial attacks, maintaining high detection accuracy on clean data, and preserving the functional integrity of traffic flow features. To address these limitations, this research investigates and integrates a comprehensive ensemble of adversarial defense strategies, implemented in two key phases. During the training phase, adversarial training, label smoothing, and Gaussian augmentation are employed to enhance the model’s resilience against adversarial perturbations. Additionally, a proactive preprocessing defense strategy is deployed during the testing phase, utilizing a denoising sparse autoencoder to cleanse adversarial input samples before they are fed into the IDS classifier. Comparative evaluations demonstrate that the proposed ensemble defense framework significantly improves the adversarial robustness and classification performance of DNN-based IDS classifiers. Experimental results, validated on the CICIDS2017 and CICIDS2018 datasets, show that the proposed approach achieves aggregated prediction accuracies of 87.34% and 98.78% under majority voting and weighted average schemes, respectively. These findings underscore the effectiveness of the proposed framework in combating adversarial threats while maintaining robust detection capabilities, thereby advancing the state-of-the-art in adversarial defense for intrusion detection systems.