MANDA: On Adversarial Example Detection for Network Intrusion Detection System

With the rapid advancement in machine learning (ML), ML-based Intrusion Detection Systems (IDSs) are widely deployed to protect networks from various attacks. One of the biggest challenges is that ML-based IDSs suffer from adversarial example (AE) attacks. By applying small perturbations (e.g., slightly increasing packet inter-arrival time) to the intrusion traffic, an AE attack can flip the prediction of a well-trained IDS. We address this challenge by proposing MANDA, a MANifold and Decision boundary-based AE detection system. Through analyzing AE attacks, we notice that 1) an AE tends to be close to its original manifold (i.e., the cluster of samples in its original class) regardless of which class it is misclassified into; and 2) AEs tend to be close to the decision boundary to minimize the perturbation scale. Based on the two observations, we design MANDA for accurate AE detection by exploiting inconsistency between manifold evaluation and IDS model inference and evaluating model uncertainty on small perturbations. We evaluate MANDA on both binary IDS and multi-class IDS on two datasets (NSL-KDD and CICIDS) under three state-of-the-art AE attacks. Our experimental results show that MANDA achieves high true-positive rate (98.41%) with a 5% false-positive rate.

• Publication year

  2023

• Venue

  IEEE Transactions on Dependable and Secure Computing

• Publication date

  2023-03-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/TDSC.2022.3148990
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• FeCo: Boosting Intrusion Detection Capability in IoT Networks via Contrastive Learning

  2025cited by this paper
• Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations

  2021cited by this paper
• MANDA: On Adversarial Example Detection for Network Intrusion Detection System

  2021cited by this paper
• Generative adversarial attacks against intrusion detection systems using active learning

  2020influential reference
• Exploring Data Correlation between Feature Pairs for Generating Constraint-based Adversarial Examples

  2020cited by this paper
• Intriguing Properties of Adversarial ML Attacks in the Problem Space

  2019cited by this paper
• Adversarial Attack Against DoS Intrusion Detection: An Improved Boundary-Based Method

  2019cited by this paper
• Evaluating the effectiveness of Adversarial Attacks against Botnet Detectors

  2019cited by this paper
• Image Super-Resolution as a Defense Against Adversarial Attacks

  2019cited by this paper
• A New Defense Against Adversarial Images: Turning a Weakness into a Strength

  2019cited by this paper
• Evading Machine Learning Botnet Detection Models via Deep Reinforcement Learning

  2019influential reference
• Bringing a GAN to a Knife-Fight: Adapting Malware Communication to Avoid Detection

  2018influential reference
• IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection

  2018influential reference
• SBNet: Sparse Blocks Network for Fast Inference

  2018cited by this paper
• Robust Detection of Adversarial Attacks by Modeling the Intrinsic Properties of Deep Neural Networks

  2018cited by this paper
• Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization

  2018cited by this paper
• Detecting Adversarial Examples Through Image Transformation

  2018cited by this paper
• On Detecting Adversarial Perturbations

  2017cited by this paper
• PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples

  2017cited by this paper
• Towards Deep Learning Models Resistant to Adversarial Attacks

  2017cited by this paper
• Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks

  2017cited by this paper
• Detecting Adversarial Samples from Artifacts

  2017influential reference
• Detecting Adversarial Image Examples in Deep Neural Networks with Adaptive Noise Reduction

  2017cited by this paper
• On the (Statistical) Detection of Adversarial Examples

  2017cited by this paper
• Adversarial and Clean Data Are Not Twins

  2017cited by this paper
• The Microsoft 2017 Conversational Speech Recognition System

  2017cited by this paper
• Ensemble Adversarial Training: Attacks and Defenses

  2017cited by this paper
• DDoS in the IoT: Mirai and Other Botnets

  2017cited by this paper
• Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods

  2017cited by this paper
• Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers

  2016influential reference
• Towards Evaluating the Robustness of Neural Networks

  2016cited by this paper
• Early Methods for Detecting Adversarial Images

  2016cited by this paper
• Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples

  2016cited by this paper
• Adversarial Examples Detection in Deep Networks with Convolutional Filter Statistics

  2016cited by this paper
• Adversarial Feature Learning

  2016cited by this paper
• Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples

  2016cited by this paper
• Adversarial examples in the physical world

  2016cited by this paper
• Google’s Multilingual Neural Machine Translation System: Enabling Zero-Shot Translation

  2016cited by this paper
• A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms

  2015cited by this paper
• On the method of directly defining inverse mapping for nonlinear differential equations

  2015cited by this paper
• The Limitations of Deep Learning in Adversarial Settings

  2015cited by this paper
• Dynamic defense strategy against advanced persistent threat with insiders

  2015cited by this paper
• Explaining and Harnessing Adversarial Examples

  2014influential reference
• DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking

  2014cited by this paper
• Intrusion detection system: A comprehensive review

  2013cited by this paper
• Intriguing properties of neural networks

  2013cited by this paper
• Scikit-learn: Machine Learning in Python

  2011cited by this paper
• A detailed analysis of the KDD CUP 99 data set

  2009cited by this paper
• Anomaly-based network intrusion detection: Techniques, systems and challenges

  2009cited by this paper
• Manifold Discriminant Analysis

  2009cited by this paper
• Riemannian Manifold Learning

  2008cited by this paper
• Learning with Local and Global Consistency

  2003cited by this paper
• Laplacian Eigenmaps and Spectral Techniques for Embedding and Clustering

  2001cited by this paper
• Testing Intrusion detection systems

  2000cited by this paper
• Nonlinear dimensionality reduction by locally linear embedding.

  2000cited by this paper
• Gradient-based learning applied to document recognition

  1998cited by this paper
• Feature Extraction Based on Decision Boundaries

  1993cited by this paper
• A Global Geometric Framework for Nonlinear Dimensionality Reduction

  year unknowncited by this paper

• Vulnerabilities in Machine Learning for cybersecurity: Current trends and future research directions

  2026cites this paper
• Hybrid K-Means-PCA Framework for Geospatial Crime Prediction Using a Machine Learning Attention Based Model

  2025cites this paper
• TND: Two-stage non-invasive defense of intrusion detection system from adversarial attack

  2025cites this paper
• Abnormal traffic detection based on image recognition and attention-residual optimization

  2025cites this paper
• Robust detection of unknown adversarial examples in network traffic via enhanced latent spatial distribution analysis with diffusion model

  2025cites this paper
• MTRC: A self-supervised network intrusion detection framework based on multiple Transformers enabled data reconstruction with contrastive learning

  2025cites this paper
• Adversarial Machine Learning in IoT Security: A Comprehensive Survey

  2025cites this paper
• Interpretable intrusion detection for IoT security: A SHAP-enhanced NGBoost model

  2025cites this paper
• Real-Time Threat Detection and Incident Response Using ML

  2025cites this paper
• NIDS-DA: Detecting functionally preserved adversarial examples for network intrusion detection system using deep autoencoders

  2025cites this paper
• Adversarial attacks based on time-series features for traffic detection

  2024cites this paper
• NIDS-Vis: Improving the generalized adversarial robustness of network intrusion detection system

  2024cites this paper
• A Systematic Study of Adversarial Attacks Against Network Intrusion Detection Systems

  2024cites this paper
• Network intrusion detection system by learning jointly from tabular and text‐based features

  2023influential citation
• A Simple Framework to Enhance the Adversarial Robustness of Deep Learning-based Intrusion Detection System

  2023influential citation
• Feature Importance-Based Backdoor Attack in NSL-KDD

  2023cites this paper
• MANDA: On Adversarial Example Detection for Network Intrusion Detection System

  2021cites this paper