Adversarial Attacks and Defenses in Machine Learning-Based Intrusion Detection Systems
Keywords:
Adversarial attacks, Adversarial training, Defensive mechanisms, Ensemble modeling, Evasion attacks, Intrusion detection systems, Machine learning, Poisoning attacks
Abstract
Machine learning–based intrusion detection systems (IDS) have become essential for identifying sophisticated cyber threats in modern network environments. By learning patterns of normal and malicious behaviour, these systems can detect previously unknown attacks and adapt to evolving threat landscapes. However, their reliance on data-driven models makes them vulnerable to adversarial manipulation. Adversarial attacks exploit weaknesses in learning algorithms by crafting inputs that evade detection, corrupt training data, or manipulate model behaviour. Such attacks, including evasion, poisoning, and backdoor insertion, can significantly degrade detection accuracy and compromise system reliability. This study examines the nature of adversarial threats targeting machine learning–based IDS, analyses their operational mechanisms, and evaluates their impact on detection performance. It further explores defensive strategies such as adversarial training, robust feature engineering, ensemble modelling, secure data pipelines, and adaptive monitoring frameworks. The paper highlights the trade-offs between robustness, computational cost, and detection efficiency, and identifies key challenges in developing resilient IDS capable of operating in dynamic and adversarial environments. By synthesizing current research and emerging defense paradigms, this work provides a comprehensive foundation for designing secure and trustworthy machine learning–driven intrusion detection systems.