Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

AMDS: Attack-Aware Multi-Stage Defense System for Network Intrusion Detection with Two-Stage Adaptive Weight Learning

Oluseyi Olukola, Nick Rahimi

TL;DR

An attack-aware multi-stage defense framework that learns attack-specific detection strategies through a weighted combination of ensemble disagreement, predictive uncertainty, and distributional anomaly signals is proposed, enabling a two-stage adaptive detection mechanism.

Abstract

Machine learning based network intrusion detection systems are vulnerable to adversarial attacks that degrade classification performance under both gradient-based and distribution shift threat models. Existing defenses typically apply uniform detection strategies, which may not account for heterogeneous attack characteristics. This paper proposes an attack-aware multi-stage defense framework that learns attack-specific detection strategies through a weighted combination of ensemble disagreement, predictive uncertainty, and distributional anomaly signals. Empirical analysis across seven adversarial attack types reveals distinct detection signatures, enabling a two-stage adaptive detection mechanism. Experimental evaluation on a benchmark intrusion detection dataset indicates that the proposed system attains 94.2% area under the receiver operating characteristic curve and improves classification accuracy by 4.5 percentage points and F1-score by 9.0 points over adversarially trained ensembles. Under adaptive white-box attacks with full architectural knowledge, the system appears to maintain 94.4% accuracy with a 4.2% attack success rate, though this evaluation is limited to two adaptive variants and does not constitute a formal robustness guarantee. Cross-dataset validation further suggests that defense effectiveness depends on baseline classifier competence and may vary with feature dimensionality. These results suggest that attack-specific optimization combined with multi-signal integration can provide a practical approach to improving adversarial robustness in machine learning-based intrusion detection systems.

AMDS: Attack-Aware Multi-Stage Defense System for Network Intrusion Detection with Two-Stage Adaptive Weight Learning

TL;DR

An attack-aware multi-stage defense framework that learns attack-specific detection strategies through a weighted combination of ensemble disagreement, predictive uncertainty, and distributional anomaly signals is proposed, enabling a two-stage adaptive detection mechanism.

Abstract

Machine learning based network intrusion detection systems are vulnerable to adversarial attacks that degrade classification performance under both gradient-based and distribution shift threat models. Existing defenses typically apply uniform detection strategies, which may not account for heterogeneous attack characteristics. This paper proposes an attack-aware multi-stage defense framework that learns attack-specific detection strategies through a weighted combination of ensemble disagreement, predictive uncertainty, and distributional anomaly signals. Empirical analysis across seven adversarial attack types reveals distinct detection signatures, enabling a two-stage adaptive detection mechanism. Experimental evaluation on a benchmark intrusion detection dataset indicates that the proposed system attains 94.2% area under the receiver operating characteristic curve and improves classification accuracy by 4.5 percentage points and F1-score by 9.0 points over adversarially trained ensembles. Under adaptive white-box attacks with full architectural knowledge, the system appears to maintain 94.4% accuracy with a 4.2% attack success rate, though this evaluation is limited to two adaptive variants and does not constitute a formal robustness guarantee. Cross-dataset validation further suggests that defense effectiveness depends on baseline classifier competence and may vary with feature dimensionality. These results suggest that attack-specific optimization combined with multi-signal integration can provide a practical approach to improving adversarial robustness in machine learning-based intrusion detection systems.
Paper Structure (25 sections, 8 equations, 2 figures, 7 tables, 3 algorithms)

This paper contains 25 sections, 8 equations, 2 figures, 7 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Method
  4. Ensemble Methodology
  5. Model Selection and Disagreement
  6. Multi-Signal Detection
  7. Weighted Combination and Learning
  8. Two-Stage Adaptive Detection
  9. Weight Learning
  10. Confidence-Based Blending
  11. Training Pipeline
  12. Inference Pipeline
  13. Experimental Evaluation
  14. Results
  15. Primary Evaluation on CSE-CIC-IDS2018
  16. ...and 10 more sections

Figures (2)

  • Figure 1: AMDS system architecture. Network traffic is processed through four components: ensemble prediction with disagreement computation, cascade routing for efficiency-aware triage, two-stage adaptive detection with category-specific refinement, and attack-adaptive model weighting, producing dual outputs for adversarial detection and attack classification.
  • Figure 2: Per-attack performance comparison on CSE-CIC-IDS2018. AMDS achieves substantial improvements on distribution shift attacks (+29.3 pp Injection, +6.1 pp Morphing vs Standard), with small regression on gradient attacks ($-1.6$ pp average). Adversarial training appears to provide minimal benefit over standard training.