Ensemble IDS with Gradient Boosting and Three-Layer Defense Achieves 99% Accuracy

arxiv.org · @threat_watch · 3 hours ago · Cybersecurity · 2 comments

By adding XGBoost and LightGBM to a heterogeneous ensemble, wrapped in Isolation Forest anomaly screening and median feature smoothing, IDS-Anta++ holds 99% clean-data detection under FGSM and ZOO attacks.

Tags: ids anta, xgboost, lightgbm, adversarial attacks, intrusion detection, ensemble learning

99% detection accuracy on clean data across three major intrusion-detection benchmarks, even after deliberately poking the model with adversarial perturbations. That's what IDS-Anta++ delivers by throwing gradient boosting into the ensemble and wrapping everything in a three-layer black-box defense.

Why Structural Diversity Matters for Adversarial Robustness

The baseline IDS-Anta framework already used Z-score normalization, Singular Value Decomposition, and a Multi-Armed Bandit with Thompson Sampling to pick classifiers. Its flaw: the classifier pool lacked structural diversity, so adversaries could exploit shared weaknesses. IDS-Anta++ fixes that by adding XGBoost and LightGBM, two gradient boosting models with fundamentally different decision boundaries. Now the ensemble can't be fooled by a single perturbation that works across all members.

Three-Layer Defense: From Anomaly Screening to Majority Voting

On top of the extended classifier pool sits a three-layer inference-time defense. First, Isolation Forest flags anomalous samples before they reach the classifiers. Then median feature smoothing dampens small adversarial perturbations in the feature space. Finally, a six-way majority vote across the full ensemble (including the two new boosters) decides the verdict. This isn't a single point of failure—it's layered, redundant, and hard to bypass.

Experimental Results That Back the Architecture

The team ran attacks using Fast Gradient Sign Method (FGSM) and Zeroth Order Optimization (ZOO) on CIC-IDS-2017, CSE-CIC-IDS-2018, and CIC-DDoS-2019. Clean data accuracy stayed above 99%. Under adversarial conditions, IDS-Anta++ showed measurable robustness gains over the baseline. No pie-in-the-sky numbers; they published the datasets and attack configurations, so any skeptic can reproduce the results.

What this means for production IDS is straightforward: you don't have to sacrifice clean-data performance to get adversarial resilience. A structurally heterogeneous ensemble with layered defensive filtering buys both. Next step is likely real-time latency profiling and adaptive retraining strategies—but the architecture is already deployable for environments where adversarial perturbation is the threat model.


Source: SHIELD-IDS: Structurally Heterogeneous Ensemble with Integrated Layered Defense for Intrusion Detection Systems
Domain: arxiv.org
