Min-max Training: Adversarially Robust Learning Models for Network Intrusion Detection Systems

Intrusion detection systems are integral to the security of networked systems for detecting malicious or anomalous network traffic. As traditional approaches are becoming less effective, machine learning and deep learning-based intrusion detection systems are vital research areas for improved detection systems. Past research into computer vision using deep learning revealed that the deep learning-based classifiers themselves are vulnerable to adversarial attacks, and these attacks have been investigated extensively. However, adversarial attacks are restricted not only to the domain of image recognition. As indicated by previous research, various domains employing machine learning/deep learning classifiers are vulnerable to attack. Our work evaluates the effectiveness of adversarial robustness training when applied to intrusion detection systems based on deep learning classification models. We propose a novel, simple adversarial retraining method to build models robust to adversarial evasion attacks.