Adversarial examples can represent a serious threat to machine learning (ML) algorithms. If used to manipulate the behaviour of ML-based Network Intrusion Detection Systems (NIDS), they can jeopardize network security. In this work, we aim to mitigate such risks by increasing the robustness of NIDS towards adversarial attacks. To that end, we explore two adversarial methods for generating malicious network traffic. The first method is based on Generative Adversarial Networks (GAN) and the second one is the Fast Gradient Sign Method (FGSM). The adversarial examples generated by these methods are then used to evaluate a novel multilayer defense mechanism, specifically designed to mitigate the vulnerability of ML-based NIDS. Our solution consists of one layer of stacking classifiers and a second layer based on an autoencoder. If the incoming network data are classified as benign by the first layer, the second layer is activated to ensure that the decision made by the stacking classifier is correct. We also incorporated adversarial training to further improve the robustness of our solution. Experiments on two datasets, namely UNSW-NB15 and NSL-KDD, demonstrate that the proposed approach increases resilience to adversarial attacks.

翻译：对抗性样本可能对机器学习算法构成严重威胁。若用于操纵基于机器学习的网络入侵检测系统的行为，它们可能危及网络安全。本研究旨在通过提升网络入侵检测系统对对抗性攻击的鲁棒性来缓解此类风险。为此，我们探索了两种生成恶意网络流量的对抗性方法。第一种方法基于生成对抗网络，第二种方法为快速梯度符号法。这些方法生成的对抗性样本随后用于评估一种新颖的多层防御机制，该机制专门设计用于缓解基于机器学习的网络入侵检测系统的脆弱性。我们的解决方案包含一层堆叠分类器和一个基于自编码器的第二层。若传入的网络数据被第一层分类为良性，则激活第二层以确保堆叠分类器所作决策的正确性。我们还引入了对抗性训练以进一步提升解决方案的鲁棒性。在UNSW-NB15和NSL-KDD两个数据集上的实验表明，所提方法增强了对对抗性攻击的抵御能力。