Enhancing Adversarial Robustness in Network Intrusion Detection: A Layer-wise Adaptive Regularization Approach

The new wave of adversarial attacks that utilize gradient-related vulnerabilities in neural network-based classifiers makes Network Intrusion Detection Systems more open to such threats. Although state-of-the-art adversarial training methods have shown promising results in producing more robust classifiers, their interpretability and defense ability are limited due to their lack of understanding of how adversarial attacks propagate in different layers of network classifiers. In this paper, we present an insightful approach, called LARAR (Layer-wise Adversarial Robustness using Adaptive Regularization), that incorporates additional layer-wise vulnerability analysis and adaptive weighting in conventional adversarial training methods. Additionally, we utilize 'Auxiliary Classifiers' in our approach. LARAR provides interpretable layer-wise vulnerability scores, achieves a clean accuracy of 95.01%, and provides better robustness against adversarial attacks (FGSM, PGD, and transfer attacks) on the UNSW-NB15 dataset. Through the identification of vulnerable layers, the proposed framework reduces computational complexity and enables the early detection of adversarial samples, thus enhancing the effectiveness and interpretability of adversarial defense mechanisms in NIDS.