Evasion attacks present a significant challenge to the robustness of machine learning (ML)-based classifiers, particularly in critical applications such as fraud detection and cybersecurity. Although existing defense mechanisms are effective in some settings, they often suffer from limited generalizability and do not systematically improve model robustness across diverse attack scenarios. To address these limitations, we introduce Robust Ensemble of Selectively Strengthened and Augmented Predictors (RESSAP), a novel framework that transforms a single classifier into an ensemble of robust classifiers. Each classifier in the ensemble is trained on a carefully selected subset of features, where feature selection is guided by a resilience metric that accounts for both feature importance and robustness. During inference, a random subset of these classifiers is used to make predictions, increasing unpredictability and improving resistance to adversarial manipulation. In addition, noise-based data augmentation is applied during training to strengthen decision boundaries and improve generalization. Our experimental results demonstrate that RESSAP significantly improves robustness against adversarial evasion attacks while maintaining strong accuracy on clean data. Overall, this model-agnostic framework provides a scalable and flexible defense strategy for enhancing the security of machine learning systems without requiring major changes to existing architectures.
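The pipeline the abstract sketches, as an added illustration that is not the paper's own code: a resilience score per feature guides which feature subsets the ensemble members train on, noise-jittered copies are added to the training set, and inference takes a majority vote over a freshly drawn random subset of members. The exact resilience formula (class-mean separation times an assumed per-feature robustness weight), the nearest-centroid members and the toy data are all assumptions made here, since the abstract does not specify them.

```python
import random
from statistics import mean, pstdev
ROBUSTNESS = [1.0, 0.9, 0.2, 0.8]  # assumed per-feature robustness (1.0 = hard to alter); feature 2 is easy
def make_data(n=20, seed=1):
    """Constructed toy data: features 0-2 separate the classes, feature 3 is pure noise."""
    rng = random.Random(seed)
    X = [[3 * lab + rng.gauss(0, 0.5) for _ in range(3)] + [rng.gauss(0, 1)] for lab in (0, 1) for _ in range(n)]
    return X, [lab for lab in (0, 1) for _ in range(n)]

def resilience_scores(X, y, robustness):
    """Assumed metric: importance (standardised class-mean separation) times robustness."""
    def score(j):
        col = [x[j] for x in X]
        m0, m1 = (mean(v for v, lab in zip(col, y) if lab == c) for c in (0, 1))
        return abs(m1 - m0) / (pstdev(col) + 1e-9) * robustness[j]
    return [score(j) for j in range(len(X[0]))]

def select_subsets(scores, n_models, k, rng):
    """Sample n_models feature subsets of size k, weighted by resilience, no repeats within a subset."""
    subsets = []
    for _ in range(n_models):
        remaining, chosen = list(range(len(scores))), []
        while len(chosen) < k:
            pick = rng.choices(remaining, weights=[scores[i] for i in remaining])[0]
            remaining.remove(pick); chosen.append(pick)
        subsets.append(sorted(chosen))
    return subsets

def augment(X, y, sigma, copies, rng):
    """Noise-based augmentation: jittered copies of each sample keep its label."""
    Xa = list(X) + [[v + rng.gauss(0, sigma) for v in x] for x in X for _ in range(copies)]
    return Xa, list(y) + [lab for lab in y for _ in range(copies)]

def fit_centroids(X, y, feats):
    """Ensemble member: nearest-centroid classifier restricted to one feature subset."""
    return {c: [mean(x[j] for x, lab in zip(X, y) if lab == c) for j in feats] for c in (0, 1)}
def member_predict(model, feats, x):
    dist = {c: sum((x[j] - m) ** 2 for j, m in zip(feats, cen)) for c, cen in model.items()}
    return min(dist, key=dist.get)

def train_ressap(X, y, robustness, n_models=7, k=2, sigma=0.3, copies=2, seed=0):
    """Resilience-guided subsets + augmented training -> list of (features, member) pairs."""
    rng = random.Random(seed)
    Xa, ya = augment(X, y, sigma, copies, rng)
    subsets = select_subsets(resilience_scores(X, y, robustness), n_models, k, rng)
    return [(feats, fit_centroids(Xa, ya, feats)) for feats in subsets]
def ressap_predict(ensemble, x, n_vote=3, rng=random):
    """Randomised inference: majority vote of a freshly drawn subset of members."""
    votes = [member_predict(m, f, x) for f, m in rng.sample(ensemble, n_vote)]
    return max((0, 1), key=votes.count)
```

Because the voting subset is redrawn on every call, two identical queries may be answered by different members, which is the unpredictability the abstract relies on.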