Dimensional Robustness Certification for Deep Neural Networks in Network Intrusion Detection Systems Article Swipe
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.1145/3715121
· OA: W4409483265
Network intrusion detection systems based on deep learning are gaining significant traction in cyber security due to their high prediction accuracy and strong adaptability to evolving cyber threats. However, a serious drawback is their vulnerability to evasion attacks that rely on adversarial examples. To provide robustness guarantees for deep neural networks against any possible perturbations, certified defenses against perturbations within a l p -bounded region around the input are being increasingly explored. Unfortunately, unlike existing image domain approaches that concentrate on homogeneous input feature spaces, the progress on certified defense for the network traffic domain, which is characterized by heterogeneous features, has been very limited. To address such a gap, we present the design and practicality of a novel framework, Multi-order Adaptive Randomized Smoothing (MARS), for certifying the robustness of network intrusion detectors based on deep neural networks. Experiments on various network intrusion detection systems show that MARS significantly improves the tightness of robustness certification (12.23% increase in l 2 certified radius), detection accuracy on evasion attack (7.17% improvement on \(l_{\infty }\) -PGD, 10.11% improvement on l 1 -EAD), and prediction accuracy on natural corruption (16.65% enhancement on latency, 18.23% enhancement on packet loss) compared to the SOTA method. We have also conducted an extensive analysis of the dimension-wise certified robustness of the network intrusion detector. The results indicate that the dimensional certified radii obtained using MARS reveal the robustness differences across feature dimensions, aligning with the empirical evaluation findings.
