Detection and Prevention of Machine Learning attacks in Adversarial setting


2025-06-28 16:26:38 - Adil Khan

Project Title

Detection and Prevention of Machine Learning attacks in Adversarial setting

Project Area of Specialization: Artificial Intelligence

Project Summary

Despite the success of ML in real-time applications, it is vulnerable to integrity attacks. Such attacks are often instantiated by adversarial examples: legitimate inputs altered by adding small, often imperceptible, perturbations that force a learned classifier to misclassify the resulting adversarial inputs, while a human observer would still classify them correctly. The smallest perturbation needed to cause a misclassification therefore gives an idea of how robust an ML model is against adversarial attacks. When applied to machine learning-based security products, these attacks can lead to a critical security breach. Although a considerable number of studies have been conducted on adversarial attacks in computer vision, very few address this issue for intrusion detection and intrusion prevention on network traffic. Therefore, we aim to defend against such attacks by implementing a defense mechanism based on adversarial training, so that the system can detect an adversarial attack and help prevent it.

Project Objectives

We aim to implement a defense method for machine learning that would successfully detect and prevent any unexpected adversarial attack that could harm our data, and protect us from unwelcome intruders.

We first evaluate the effect of adversarial attacks on a deep learning-based intrusion detection system. Then, in the second part, we examine the effectiveness of adversarial training as a means of making the system more robust against these attacks. We then conclude by discussing and analyzing the results obtained.

Project Implementation Method

Despite their popularity, DNNs have proven to be vulnerable to adversarial attacks on network traffic: by introducing imperceptible changes, an adversary can mislead the classifier, so that a malicious packet is labeled as benign and vice versa. Therefore, in our project we study the effect of adversarial attacks on our ML model and then train the model on those adversarial examples so that it can detect and prevent adversarial attacks. This is called the adversarial training method.

The idea behind adversarial training is to inject adversarial examples, with their correct labels, into the training data so that the model learns how to handle them. To do this, we use multiple attacks to generate adversarial samples before mixing them with the training data set.

Benefits of the Project

Our project targets companies that are leaning toward ML for data processing and network flow analysis. We provide a defense method against adversarial attacks, which are a real threat to intrusion detection systems based on deep learning. By generating samples using adversarial attacks, an attacker can lead the system to misdetection and, given sufficient attack strength, the performance of the intrusion detection system can deteriorate significantly. Our project can improve, to some extent, the robustness of deep learning-based intrusion detection systems. However, it comes with a trade-off: detector accuracy on benign network traffic decreases slightly.

Technical Details of Final Deliverable

First, the GUI will show a window asking the user to select a benchmark out of three options. Once the benchmark is chosen, another window will pop up for the classifier the user wants, out of KNN, Decision Tree and Naïve Bayes. After that, our system will take all the parameters, implement all attacks and perform adversarial training for the prevention and detection of adversarial attacks for future use, and also display accuracy measures for all classifiers.

Final Deliverable of the Project: Software System
Core Industry: Security
Other Industries: IT
Core Technology: Artificial Intelligence (AI)
Other Technologies:
Sustainable Development Goals: Industry, Innovation and Infrastructure

Required Resources

Item Name   Type            No. of Units   Per Unit Cost (in Rs)   Total (in Rs)
Printing    Miscellaneous   100            20                      2000
Total (in Rs): 2000
