<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root>
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ali="http://www.niso.org/schemas/ali/1.0/" article-type="research-article" dtd-version="1.2" xml:lang="en"><front><journal-meta><journal-id journal-id-type="publisher-id">Computational nanotechnology</journal-id><journal-title-group><journal-title xml:lang="en">Computational nanotechnology</journal-title><trans-title-group xml:lang="ru"><trans-title>Computational nanotechnology</trans-title></trans-title-group></journal-title-group><issn publication-format="print">2313-223X</issn><issn publication-format="electronic">2587-9693</issn><publisher><publisher-name xml:lang="en">YUR-VAK</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="publisher-id">309696</article-id><article-id pub-id-type="doi">10.33693/2313-223X-2025-12-1-17-25</article-id><article-id pub-id-type="edn">LSJCNO</article-id><article-categories><subj-group subj-group-type="toc-heading" xml:lang="en"><subject>CYBERSECURITY</subject></subj-group><subj-group subj-group-type="toc-heading" xml:lang="ru"><subject>КИБЕРБЕЗОПАСНОСТЬ</subject></subj-group><subj-group subj-group-type="article-type"><subject>Research Article</subject></subj-group></article-categories><title-group><article-title xml:lang="en">Models and Algorithms for Protecting Intrusion Detection Systems from Attacks on Machine Learning Components</article-title><trans-title-group xml:lang="ru"><trans-title>Модели и алгоритмы защиты систем обнаружения вторжений от атак на компоненты машинного обучения</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author"><contrib-id contrib-id-type="scopus">59130078100</contrib-id><contrib-id contrib-id-type="spin">1771-7389</contrib-id><name-alternatives><name xml:lang="en"><surname>Ichetovkin</surname><given-names>Egor А.</given-names></name><name 
xml:lang="ru"><surname>Ичетовкин</surname><given-names>Егор Андреевич</given-names></name></name-alternatives><address><country country="RU">Russian Federation</country></address><bio xml:lang="en"><p>Postgraduate Student of the Laboratory of Computer Security Problems</p></bio><bio xml:lang="ru"><p>аспирант лаборатории проблем компьютерной безопасности</p></bio><email>ichetovkin.e@iias.spb.su</email><xref ref-type="aff" rid="aff1"/></contrib><contrib contrib-type="author"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0001-6859-7120</contrib-id><contrib-id contrib-id-type="scopus">15925268000</contrib-id><contrib-id contrib-id-type="spin">7393-4229</contrib-id><name-alternatives><name xml:lang="en"><surname>Kotenko</surname><given-names>Igor V.</given-names></name><name xml:lang="ru"><surname>Котенко</surname><given-names>Игорь Витальевич</given-names></name></name-alternatives><address><country country="RU">Russian Federation</country></address><bio xml:lang="en"><p>Dr. Sci. 
(Eng.), Professor, Honored Scientist of the Russian Federation, Chief Researcher and Head of the Laboratory of Computer Security Problems</p></bio><bio xml:lang="ru"><p>доктор технических наук, профессор, Заслуженный деятель науки РФ, главный научный сотрудник и руководитель лаборатории проблем компьютерной безопасности</p></bio><email>ivkote@comsec.spb.ru</email><xref ref-type="aff" rid="aff1"/></contrib></contrib-group><aff-alternatives id="aff1"><aff><institution xml:lang="en">Saint Petersburg Federal Research Center of the Russian Academy of Sciences</institution></aff><aff><institution xml:lang="ru">Санкт-Петербургский Федеральный исследовательский центр Российской академии наук</institution></aff></aff-alternatives><pub-date date-type="pub" iso-8601-date="2025-06-19" publication-format="electronic"><day>19</day><month>06</month><year>2025</year></pub-date><volume>12</volume><issue>1</issue><fpage>17</fpage><lpage>25</lpage><history><date date-type="received" iso-8601-date="2025-09-18"><day>18</day><month>09</month><year>2025</year></date></history><permissions><copyright-statement xml:lang="en">Copyright © 2025, Yur-VAK</copyright-statement><copyright-statement xml:lang="ru">Copyright © 2025, Юр-ВАК</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="en">Yur-VAK</copyright-holder><copyright-holder xml:lang="ru">Юр-ВАК</copyright-holder><license><ali:license_ref xmlns:ali="http://www.niso.org/schemas/ali/1.0/">https://www.urvak.ru/contacts/</ali:license_ref></license></permissions><self-uri xlink:href="https://journals.rcsi.science/2313-223X/article/view/309696">https://journals.rcsi.science/2313-223X/article/view/309696</self-uri><abstract xml:lang="en"><p>Today, one of the means of protecting network infrastructure from cyberattacks is intrusion detection systems. Digitalization requires the use of tools that can cope not only with known types of attacks, but also with previously undescribed ones. 
Machine learning can be used to protect against such threats. The paper presents models and algorithms for protecting against evasion attacks on machine learning components of intrusion detection systems. The novelty is that for the first time, a simulation of the use of a protection subsystem based on long short-term memory (LSTM) autoencoders during a fast gradient sign attack was carried out. The methodology consists of simulating adversarial attacks and assessing the effectiveness of protection using classical metrics: accuracy, recall, F-measure. The <italic>results of the study</italic> showed the effectiveness of the proposed subsystem for protecting machine learning components of intrusion detection systems from evasion attacks. The detection indicators were restored almost to their original values.</p></abstract><trans-abstract xml:lang="ru"><p>На сегодняшний день одним из средств защиты сетевой инфраструктуры от кибератак являются системы обнаружения вторжений. Цифровизация требует использования средств, которые позволяют справляться не только с известными видами атак, но и с ранее не описанными. Для защиты от таких угроз возможно использование машинного обучения. В работе представлены модели и алгоритмы защиты от атак уклонением на компоненты машинного обучения систем обнаружения вторжений. Новизна в том, что впервые было проведено моделирование применения подсистемы защиты на базе автоэнкодеров длительной-кратковременной памяти во время атаки быстрого градиентного знака. Методология заключается в моделировании состязательных атак с оценкой эффективности защиты классическими метриками: точность, полнота, F-мера. <italic>Результаты исследования</italic> показали эффективность предложенной подсистемы защиты компонентов машинного обучения систем обнаружения вторжений от атак уклонением. 
Показатели детектирования удалось восстановить практически до исходных значений.</p></trans-abstract><kwd-group xml:lang="en"><kwd>cybersecurity</kwd><kwd>intrusion detection systems</kwd><kwd>machine learning components</kwd><kwd>adversarial attacks</kwd><kwd>defence techniques</kwd></kwd-group><kwd-group xml:lang="ru"><kwd>кибербезопасность</kwd><kwd>системы обнаружения вторжений</kwd><kwd>компоненты машинного обучения</kwd><kwd>состязательные атаки</kwd><kwd>методы защиты</kwd></kwd-group><funding-group/></article-meta></front><body></body><back><ref-list><ref id="B1"><label>1.</label><mixed-citation>Ahmad Z., Khan A.S., Shiang C.W. et al. Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies. 2021. Vol. 32. No. 1. P. e4150. DOI: 10.1002/ett.4150.</mixed-citation></ref><ref id="B2"><label>2.</label><mixed-citation>Kotenko I., Polubelova O., Saenko I., Doynikova E. The ontology of metrics for security evaluation and decision support in SIEM systems. In: International Conference on Availability, Reliability and Security ARES 2013. Pp. 638–645, 6657300. DOI: 10.1109/ARES.2013.84.</mixed-citation></ref><ref id="B3"><label>3.</label><mixed-citation>Ichetovkin E., Kotenko I. Modeling poisoning attacks against machine learning components of intrusion detection systems. In: IEEE 25th International Conference of Young Professionals in Electron Devices and Materials (EDM), Altai, 2024. Pp. 1850–1855. DOI: 10.1109/EDM61683.2024.10615198.</mixed-citation></ref><ref id="B4"><label>4.</label><mixed-citation>Ichetovkin E., Kotenko I. Modeling attacks on machine learning components of intrusion detection systems. In: International Russian Smart Industry Conference (SmartIndustryCon). Sochi, 2024. Pp. 261–266. DOI: 10.1109/SmartIndustryCon61328.2024.10515506.</mixed-citation></ref><ref id="B5"><label>5.</label><mixed-citation>Alhajjar E., Maxwell P., Bastian N. 
Adversarial machine learning in network intrusion detection systems. Expert Systems with Applications. 2021. Vol. 186. P. 115782. DOI: 10.1016/j.eswa.2021.115782.</mixed-citation></ref><ref id="B6"><label>6.</label><mixed-citation>Alotaibi A., Rassam M.A. Adversarial machine learning attacks against intrusion detection systems: A survey on strategies and defense. Future Internet. 2023. Vol. 15. No. 2. P. 62. DOI: 10.3390/fi15020062.</mixed-citation></ref><ref id="B7"><label>7.</label><mixed-citation>Apruzzese G., Andreolini M., Ferretti L. et al. Modeling realistic adversarial attacks against network intrusion detection system. Digital Threats: Research and Practice. 2022. Vol. 3. No. 3. Pp. 1–19. DOI: 10.1145/3530870.</mixed-citation></ref><ref id="B8"><label>8.</label><mixed-citation>Madry A., Makelov A., Schmidt L. et al. Towards deep learning models resistant to adversarial attacks. In: Proceedings of the International Conference on Learning Representations (ICLR), 2018. DOI: 10.48550/arXiv.1706.06083.</mixed-citation></ref><ref id="B9"><label>9.</label><mixed-citation>Alahmed S., Alasad Q., Hammood M.M. et al. Mitigation of black-box attacks on intrusion detection systems-based ML. Computers. 2022. Vol. 11. No. 7. P. 115. DOI: 10.3390/computers11070115.</mixed-citation></ref><ref id="B10"><label>10.</label><mixed-citation>Rosenberg I., Shabtai A., Elovici Y., Rokach L. Adversarial machine learning attacks and defense methods in the cyber security domain. ACM Computing Surveys. 2021. Vol. 54. No. 5. Pp. 1–36. DOI: 10.1145/3453158.</mixed-citation></ref><ref id="B11"><label>11.</label><mixed-citation>Ravi V., Chaganti R., Alazab M. Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system. Computers and Electrical Engineering. 2022. Vol. 102. P. 108156. DOI: 10.1016/j.compeleceng.2022.108156.</mixed-citation></ref><ref id="B12"><label>12.</label><mixed-citation>Nazir A. et al. 
A deep learning-based novel hybrid CNN-LSTM architecture for efficient detection of threats in the IoT ecosystem. Ain Shams Engineering Journal. 2024. P. 102777. DOI: 10.1016/j.asej.2024.102777.</mixed-citation></ref><ref id="B13"><label>13.</label><mixed-citation>Debicha I., Debatty T., Dricot J.-M., Mees W. Adversarial training for deep learning-based intrusion detection systems. arXiv preprint arXiv:2104.09852. 2021. DOI: 10.48550/arXiv.2104.09852.</mixed-citation></ref><ref id="B14"><label>14.</label><mixed-citation>Mohammadian H., Ghorbani A.A., Lashkari A.H. A gradient-based approach for adversarial attack on deep learning-based network intrusion detection systems. Applied Soft Computing. 2023. Vol. 137. P. 110173. DOI: 10.1016/j.asoc.2023.110173.</mixed-citation></ref><ref id="B15"><label>15.</label><mixed-citation>Panigrahi R., Borah S. A detailed analysis of CICIDS2017 dataset for designing Intrusion Detection Systems. International Journal of Engineering &amp; Technology. 2018. Vol. 7. No. 3.24. Pp. 479–482.</mixed-citation></ref><ref id="B16"><label>16.</label><mixed-citation>Kurniabudi D.S., Darmawijoyo M.Y., Bin I. et al. CICIDS-2017 Dataset feature analysis with information gain for anomaly detection. IEEE Access. 2020. Vol. 8. Pp. 132911–132921. DOI: 10.1109/ACCESS.2020.3009843.</mixed-citation></ref><ref id="B17"><label>17.</label><mixed-citation>Verkerken M., D’hooge L., Sudyana D. et al. Novel multi-stage approach for hierarchical intrusion detection. IEEE Transactions on Network and Service Management. 2023. No. 99. Pp. 1–1.</mixed-citation></ref><ref id="B18"><label>18.</label><mixed-citation>Goryunov M., Matskevich A., Rybolovlev D. Synthesis of a machine learning model for detecting computer attacks based on the CICIDS2017 dataset. Proc. ISP RAS. 2020. Vol. 32. Issue 5. Pp. 81–94. (In Rus.)</mixed-citation></ref><ref id="B19"><label>19.</label><mixed-citation>Belarbi O., Khan A., Carnelli P., Spyridopoulos T. 
An intrusion detection system based on deep belief networks. In: 4th International Conference on Science of Cyber Security (SciSec 2022). Springer International Publishing, Cham, 2022. Pp. 377–392.</mixed-citation></ref><ref id="B20"><label>20.</label><mixed-citation>Ayub M.A., Johnson W.A., Talbert D.A., Siraj A. Model evasion attack on intrusion detection systems using adversarial machine learning. In: 54th Annual Conference on Information Sciences and Systems (CISS), 2020. Pp. 1–6. DOI: 10.1109/CISS48834.2020.1570617295.</mixed-citation></ref><ref id="B21"><label>21.</label><mixed-citation>Primartha R., Tama B.A. Anomaly detection using random forest: A performance revisited. In: Proceedings of International Conference on Data and Software Engineering (ICoDSE), Palembang, Indonesia, November 1–2, 2017. Pp. 1–6.</mixed-citation></ref><ref id="B22"><label>22.</label><mixed-citation>Kalaivaani P.T., Krishnamoorthy R., Reddy A.S., Chelladurai A.D.D. Adaptive multimode decision tree classification model using effective system analysis in IDS for 5G and IoT security issues. In: Secure Communication for 5G and IoT Networks. Springer, 2022. Pp. 141–158.</mixed-citation></ref><ref id="B23"><label>23.</label><mixed-citation>Goodfellow I.J., Shlens J., Szegedy C. Explaining and harnessing adversarial examples. In: Proceedings of the International Conference on Learning Representations (ICLR), 2015. DOI: 10.48550/arXiv.1412.6572.</mixed-citation></ref><ref id="B24"><label>24.</label><mixed-citation>Jmila H., Khedher M.I. Adversarial machine learning for network intrusion detection: A comparative study. Computer Networks. 2022. Vol. 214. P. 109073. DOI: 10.1016/j.comnet.2022.109073.</mixed-citation></ref><ref id="B25"><label>25.</label><mixed-citation>Szegedy C. et al. Intriguing properties of neural networks. In: Proceedings of the International Conference on Learning Representations (ICLR), 2014. 
DOI: 10.48550/arXiv.1312.6199.</mixed-citation></ref><ref id="B26"><label>26.</label><mixed-citation>Sheatsley R. et al. Adversarial examples for network intrusion detection systems. Journal of Computer Security. 2022. Vol. 30. No. 5. Pp. 727–752. DOI: 10.3233/JCS-210034.</mixed-citation></ref><ref id="B27"><label>27.</label><mixed-citation>Laghrissi F.E., Douzi S., Douzi K., Hssina B. Intrusion detection systems using Long Short-Term Memory (LSTM). Journal of Big Data. 2021. Vol. 8. No. 1. P. 65. DOI: 10.1186/s40537-021-00453-7.</mixed-citation></ref><ref id="B28"><label>28.</label><mixed-citation>Papernot N. et al. The limitations of deep learning in adversarial settings. In: IEEE European Symposium on Security and Privacy (EuroS&amp;P), 2016. Pp. 372–387. DOI: 10.1109/EuroSP.2016.36.</mixed-citation></ref><ref id="B29"><label>29.</label><mixed-citation>Carlini N., Athalye A., Papernot N. et al. On evaluating adversarial robustness. arXiv preprint arXiv:1902.06705. 2019. DOI: 10.48550/arXiv.1902.06705.</mixed-citation></ref><ref id="B30"><label>30.</label><mixed-citation>Ibitoye O., Abou-Khamis R., El Shehaby M. et al. The threat of adversarial attacks on machine learning in network Security – A Survey. arXiv preprint arXiv:1911.02621. 2019. DOI: 10.48550/arXiv.1911.02621.</mixed-citation></ref></ref-list></back></article>
