Litcius/Paper detail

Adversarial Threats to Cloud IDS: Robust Defense With Adversarial Training and Feature Selection

Hariprasad Holla, Shashidhar Reddy Polepalli, Arun Ambika Sasikumar

2025IEEE Access13 citationsDOIOpen Access PDF

Abstract

The increasing adoption of cloud-based infrastructures necessitates robust cybersecurity measures, particularly in Intrusion Detection Systems (IDS). While Machine Learning (ML)-based IDS solutions improve attack detection, they remain highly vulnerable to adversarial attacks, where subtle perturbations deceive the model and evade detection. This paper explicitly evaluates the impact of Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), and DeepFool attacks on ML-based IDS models trained on the CSE-CIC-IDS2018 dataset. Our findings clearly indicate that these attacks significantly degrade detection accuracy, with FGSM explicitly reducing accuracy from 85% to 60%, PGD explicitly to 55%, and DeepFool explicitly to 50%. Additionally, our explicit evaluation using the black-box Square Attack demonstrates a significant accuracy reduction to 63%, clearly underscoring IDS susceptibility to practical adversarial threats. To mitigate these vulnerabilities, we explicitly propose a dual-layered defense strategy: (i) adversarial training, explicitly incorporating adversarial examples into model training to improve robustness, and (ii) SHAP-based robust feature selection, explicitly enhancing interpretability and resilience by identifying stable, attack-resistant features. SHAP analysis explicitly reveals that protocol-based and statistical traffic attributes are particularly susceptible to adversarial manipulations. Explicit computational overhead analysis demonstrates that our proposed defense approach introduces modest additional training complexity (approximately 25% overhead) without significantly impacting inference speed, explicitly confirming practical feasibility for real-time deployment. Our defense mechanisms explicitly restore detection accuracy to 88% against gradient-based attacks and 84% against black-box attacks, explicitly reducing adversarial success rates by up to 40%. By explicitly integrating adversarial defenses with SHAP-based interpretability, this research explicitly strengthens IDS frameworks against diverse evasion attacks while explicitly enhancing model transparency and practical applicability.

Topics & Concepts

Adversarial systemComputer scienceComputer securityCloud computingFeature selectionSelection (genetic algorithm)Training (meteorology)Feature (linguistics)Artificial intelligenceOperating systemMeteorologyPhilosophyPhysicsLinguisticsNetwork Security and Intrusion DetectionAdversarial Robustness in Machine LearningAdvanced Malware Detection Techniques