Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

DYNAMITE: Dynamic Defense Selection for Enhancing Machine Learning-based Intrusion Detection Against Adversarial Attacks

Jing Chen, Onat Gungor, Zhengli Shang, Elvin Li, Tajana Rosing

TL;DR

Dynamite tackles the challenge of defending ML-based intrusion detection systems against diverse adversarial attacks in IoT contexts by introducing a dynamic defense-selection framework. It trains multiple defenses, generates a wide array of adversarial samples, and uses an XGBoost-based selector to assign the most effective defense per attack scenario, dramatically reducing overhead while preserving accuracy. The approach achieves near-Oracle performance, outperforming random and best static defenses and demonstrating substantial improvements in both robustness and efficiency across UNSW-NB15 and WUSTL-IIoT datasets. This work offers a practical, scalable pathway to robust ML-IDS deployment in heterogeneous and evolving threat landscapes.

Abstract

The rapid proliferation of the Internet of Things (IoT) has introduced substantial security vulnerabilities, highlighting the need for robust Intrusion Detection Systems (IDS). Machine learning-based intrusion detection systems (ML-IDS) have significantly improved threat detection capabilities; however, they remain highly susceptible to adversarial attacks. While numerous defense mechanisms have been proposed to enhance ML-IDS resilience, a systematic approach for selecting the most effective defense against a specific adversarial attack remains absent. To address this challenge, we propose Dynamite, a dynamic defense selection framework that enhances ML-IDS by intelligently identifying and deploying the most suitable defense using a machine learning-driven selection mechanism. Our results demonstrate that Dynamite achieves a 96.2% reduction in computational time compared to the Oracle, significantly decreasing computational overhead while preserving strong prediction performance. Dynamite also demonstrates an average F1-score improvement of 76.7% over random defense and 65.8% over the best static state-of-the-art defense.

DYNAMITE: Dynamic Defense Selection for Enhancing Machine Learning-based Intrusion Detection Against Adversarial Attacks

TL;DR

Dynamite tackles the challenge of defending ML-based intrusion detection systems against diverse adversarial attacks in IoT contexts by introducing a dynamic defense-selection framework. It trains multiple defenses, generates a wide array of adversarial samples, and uses an XGBoost-based selector to assign the most effective defense per attack scenario, dramatically reducing overhead while preserving accuracy. The approach achieves near-Oracle performance, outperforming random and best static defenses and demonstrating substantial improvements in both robustness and efficiency across UNSW-NB15 and WUSTL-IIoT datasets. This work offers a practical, scalable pathway to robust ML-IDS deployment in heterogeneous and evolving threat landscapes.

Abstract

The rapid proliferation of the Internet of Things (IoT) has introduced substantial security vulnerabilities, highlighting the need for robust Intrusion Detection Systems (IDS). Machine learning-based intrusion detection systems (ML-IDS) have significantly improved threat detection capabilities; however, they remain highly susceptible to adversarial attacks. While numerous defense mechanisms have been proposed to enhance ML-IDS resilience, a systematic approach for selecting the most effective defense against a specific adversarial attack remains absent. To address this challenge, we propose Dynamite, a dynamic defense selection framework that enhances ML-IDS by intelligently identifying and deploying the most suitable defense using a machine learning-driven selection mechanism. Our results demonstrate that Dynamite achieves a 96.2% reduction in computational time compared to the Oracle, significantly decreasing computational overhead while preserving strong prediction performance. Dynamite also demonstrates an average F1-score improvement of 76.7% over random defense and 65.8% over the best static state-of-the-art defense.

Paper Structure

This paper contains 24 sections, 1 equation, 4 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Proposed Framework
  4. Data Preprocessing
  5. Generation of Adversarial Attack Samples
  6. Selected Adversarial Attacks
  7. Adversarial Dataset Generation
  8. Baseline Model Training
  9. Defense Model Training
  10. Optimal Defense Identification
  11. Constructing Attack Training and Attack Test Data
  12. Optimal Defense Selection
  13. Dynamic Defense Selection Algorithm
  14. Final Performance Comparison
  15. Experimental Analysis
  16. ...and 9 more sections

Figures (4)

  • Figure 1: SOTA Defense Performance Against Adversarial Attacks
  • Figure 2: Dynamite is a dynamic defense selection framework designed to enhance ML-based intrusion detection against adversarial attacks. It integrates baseline model training, adversarial sample generation, defense model training, and dynamic defense assignment to effectively address a wide range of attack scenarios.
  • Figure 3: Prediction Performance Comparison (UNSW-NB15)
  • Figure 4: Prediction Performance Comparison (WUSTL-IIoT)