A comprehensive defense approach of deep learning-based NIDS against adversarial attacks
Kousik Barik, Sanjay Misra
Abstract
Abstract Network intrusion detection systems (NIDS) act as a premier defense to protect computer networks from cybersecurity threats. In Adversarial Machine Learning (AML), adversaries aim to deceive Machine Learning (ML) and Deep Learning (DL) models into producing false predictions with deliberately prepared adversarial samples. These intentionally generated adversarial samples have become a significant vulnerability of ML and DL-based systems, posing major challenges for their adoption in real-world, critical applications such as NIDS. In this study, we aim to present a novel hybrid defense model that enhances the performance of DL-based NIDS against adversarial attacks. The MinMaxScaler is used for data normalization. We employed Independent Component Analysis (ICA) for feature extraction and Recursive Feature Elimination (RFE) for feature selection to reduce complexity and overfitting. The proposed model comprises two defense strategies: Projected Gradient Descent (PGD) with a Pigeon-Inspired Optimization Algorithm (PIOA) during the training phase, aiming to enhance the model's ability to distinguish between adversarial examples. Spatial Smoothing (SS) is employed during the testing phase to decrease the potential impact of adversarial noise and sensitivity to minor feature changes. We have implemented three adversarial attack generation methods: Jacobian Saliency Map Attacks (JSMA), Fast Gradient Sign Method (FGSM), and Carlini and Wagner (C&W), and evaluated them in five distinct scenarios. The proposed model demonstrates an accuracy of 99.65%, a recall of 99.87%, an ASR of 1.29%, and a specificity of 99.05%. We further presented the computational efficiency and a hyperparameter sensitivity analysis to validate and assess the model's real-time processing feasibility. The scope of the presented study extends beyond computer security.