Machine learning (ML) models are susceptible to adversarial attacks that aim to trick them into producing faulty predictions. Adversarial training has been found to increase the robustness of ML models against such attacks. In network and cybersecurity, however, obtaining labelled training data, and adversarial training data in particular, is challenging and costly. Concept drift deepens the challenge in dynamic domains such as network security, where models must be retrained periodically in any case. This letter introduces Adaptive Continuous Adversarial Training (ACAT), which continuously integrates adversarial training samples into the model during ongoing learning sessions, using adversarial data detected in the real world, so that the model's resilience keeps pace with evolving adversarial threats. ACAT is an adaptive defense mechanism that uses periodic retraining to counter adversarial attacks while mitigating catastrophic forgetting. The approach also reduces the total time required for adversarial sample detection, which matters in environments such as network security where the rate of attacks can be very high: traditional two-stage detection processes, in which a separate adversarial-sample detector precedes the classifier, can be lengthy. Experimental results on a spam detection dataset show that with ACAT the accuracy of the spam filter increased from 69% to over 88% after only three retraining sessions. ACAT also outperforms conventional adversarial-sample detectors in decision time, being up to four times faster in some cases.
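The retraining loop described above, as an added toy example (not the authors' code or dataset): a bag-of-words logistic-regression spam filter is trained on constructed clean messages, an attacker evades it by padding short spam payloads with "good" words, and three ACAT-style sessions fold the adversarial messages that slipped through (assumed to be flagged by downstream feedback such as user reports) back into the training set. Running the same sessions without replaying the original data shows the catastrophic forgetting the abstract warns about: the filter learns the adversarial spam but starts labelling legitimate mail as spam. The vocabulary, messages, model and hyper-parameters are all assumptions made for this demonstration.

```python
"""Toy simulation of continuous adversarial retraining for a spam filter.

Added illustration of the ACAT idea (periodic retraining that folds newly
detected adversarial samples into the model, with earlier data replayed to
limit catastrophic forgetting). Not the authors' code: the model, vocabulary,
messages and hyper-parameters are constructed here for demonstration.
"""
import math
from collections import defaultdict

SPAM_WORDS = ["free", "winner", "prize", "click", "offer", "cash"]
HAM_WORDS = ["meeting", "report", "lunch", "project", "schedule", "team"]


def make_clean_data():
    """Constructed labelled corpus: (tokens, label), 1 = spam, 0 = ham."""
    data = []
    for i in range(6):
        data.append(([SPAM_WORDS[(i + k) % 6] for k in range(3)], 1))
        data.append(([HAM_WORDS[(i + k) % 6] for k in range(4)], 0))
    return data


def make_adversarial_spam():
    """Constructed evasion: a short spam payload padded with 'good' words
    (word-injection attack on a bag-of-words filter). Label stays spam."""
    data = []
    for i in range(6):
        tokens = [SPAM_WORDS[(i + k) % 6] for k in range(2)]
        tokens += [HAM_WORDS[(i + k) % 6] for k in range(4)]
        data.append((tokens, 1))
    return data


class LogRegFilter:
    """Binary bag-of-words logistic regression trained by full-batch gradient
    descent; deterministic, so every retraining run is reproducible."""

    def __init__(self):
        self.w = defaultdict(float)  # per-token weight, 0.0 for unseen tokens
        self.b = 0.0

    def score(self, tokens):
        z = self.b + sum(self.w[t] for t in set(tokens))
        return 1.0 / (1.0 + math.exp(-z))

    def predict(self, tokens):
        return int(self.score(tokens) >= 0.5)

    def fit(self, data, epochs=300, lr=0.5):
        """Continue training from the current weights (no re-initialisation)."""
        n = len(data)
        for _ in range(epochs):
            grad_w, grad_b = defaultdict(float), 0.0
            for tokens, y in data:
                err = self.score(tokens) - y  # gradient of cross-entropy wrt z
                grad_b += err
                for t in set(tokens):
                    grad_w[t] += err
            for t, g in grad_w.items():
                self.w[t] -= lr * g / n
            self.b -= lr * grad_b / n


def accuracy(model, data):
    return sum(model.predict(x) == y for x, y in data) / len(data)


def run_sessions(model, clean_data, sessions=3, use_replay=True):
    """ACAT-style sessions. Adversarial messages that slipped past the filter
    are assumed to be flagged by downstream feedback, appended to a buffer,
    and the model is retrained. use_replay=True mixes the original clean
    data back in so the model does not forget what legitimate mail looks like."""
    adv_buffer = []
    for _ in range(sessions):
        incoming = make_adversarial_spam()
        detected = [(x, y) for x, y in incoming if model.predict(x) != y]
        adv_buffer.extend(detected)
        train = (clean_data if use_replay else []) + adv_buffer
        if train:
            model.fit(train)
    return model


def demo(use_replay):
    """Returns (clean_acc_before, adv_acc_before, clean_acc_after, adv_acc_after)."""
    clean, adv = make_clean_data(), make_adversarial_spam()
    model = LogRegFilter()
    model.fit(clean)
    before = (accuracy(model, clean), accuracy(model, adv))
    run_sessions(model, clean, use_replay=use_replay)
    after = (accuracy(model, clean), accuracy(model, adv))
    return before + after


if __name__ == "__main__":
    for flag in (True, False):
        c0, a0, c1, a1 = demo(flag)
        print(f"replay={flag}: clean {c0:.2f}->{c1:.2f}, adversarial {a0:.2f}->{a1:.2f}")
```

With replay the filter ends the third session classifying both the clean corpus and the padded adversarial spam correctly; without replay the adversarial buffer is the only training signal, so the retrained model drifts toward labelling everything spam and its accuracy on the clean corpus collapses to the spam half of the data.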