ENSEMBLE ADVERSARIAL TRAINING BASED DEFENSE AGAINST ADVERSARIAL ATTACKS FOR MACHINE LEARNING-BASED INTRUSION DETECTION SYSTEM M.S. Haroon * , H.M. Ali * Abstract: In this paper, a defence mechanism is proposed against adversarial at- tacks. The defence is based on an ensemble classifier that is adversarially trained. This is accomplished by generating adversarial attacks from four different attack methods, i.e., Jacobian-based saliency map attack (JSMA), projected gradient de- scent (PGD), momentum iterative method (MIM), and fast gradient signed method (FGSM). The adversarial examples are used to identify the robust machine-learning algorithms which eventually participate in the ensemble. The adversarial attacks are divided into seen and unseen attacks. To validate our work, the experiments are conducted using NSLKDD, UNSW-NB15 and CICIDS17 datasets. Grid search for the ensemble is used to optimise results. The parameter used for performance evaluations is accuracy, F1 score and AUC score. It is shown that an adversarially trained ensemble classifier produces better results. Key words: adversarial attack, adversarial training, ensemble adversarial training, intrusion detection system, machine learning Received: February 20, 2023 DOI: 10.14311/NNW.2023.33.018 Revised and accepted: June 15, 2023 1. Introduction An intrusion detection system (IDS) is an important tool to ensure the security of the network. Traditional intrusion detection systems mainly rely on expert knowl- edge to build rule sets to detect network attacks. However, the attack method of network attacks is changing rapidly, and traditional rule-based intrusion detection systems can not cope with this [1]. Therefore, in recent years, many researchers have begun to use machine learning (ML) algorithms to build intrusion detection systems [2]. Many machine learning-based intrusion detection systems have been proposed. However, it has been shown that ML algorithms are vulnerable to adversarial * Muhammad Shahzad Haroon – Corresponding author; Husnain Mansoor Ali; Department of Computer Science, Shaheed Zulfikar Ali Bhutto Institute of Science and Technology (SZABIST), Block 5 Clifton, Karachi, Sindh 75600, Pakistan, E-mail: shahzad.haroon@szabist.edu.pk, husnain.mansoor@szabist.edu.pk ©CTU FTS 2023 317