Detection of on-manifold adversarial attacks via latent space transformation

Mohmmad Al-Fawa'reh; Jumana Abu-khalaf; Naeem Janjua; Patryk Szewczyk

doi:10.1016/j.cose.2025.104431

Detection of on-manifold adversarial attacks via latent space transformation

Mohmmad Al-Fawa'reh, Jumana Abu-khalaf, Naeem Janjua, Patryk Szewczyk

College of Science and Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

Out-of-distribution (OOD) generalization is critical for reliable intrusion detection systems (IDS), yet current methods often falter against stealthy, on-manifold adversarial attacks that mimic ID data. To solve this challenge, we propose a semi-supervised approach that applies an invertible transformation to the latent space and leverages changes in differential entropy to detect OOD samples. Experiments on the KDD99 and X-IIoTID datasets demonstrate that our approach outperforms state-of-the-art defenses, providing enhanced robustness and generalizability for IDS.

Original language	English
Article number	104431
Number of pages	15
Journal	Computers and Security
Volume	154
DOIs	https://doi.org/10.1016/j.cose.2025.104431
Publication status	Published - Jul 2025

Keywords

Intrusion detection
Machine learning
Robustness

Access to Document

10.1016/j.cose.2025.104431Licence: In Copyright

Cite this

@article{578ad60e1b604573bf8ca3389e65443e,

title = "Detection of on-manifold adversarial attacks via latent space transformation",

abstract = "Out-of-distribution (OOD) generalization is critical for reliable intrusion detection systems (IDS), yet current methods often falter against stealthy, on-manifold adversarial attacks that mimic ID data. To solve this challenge, we propose a semi-supervised approach that applies an invertible transformation to the latent space and leverages changes in differential entropy to detect OOD samples. Experiments on the KDD99 and X-IIoTID datasets demonstrate that our approach outperforms state-of-the-art defenses, providing enhanced robustness and generalizability for IDS.",

keywords = "Intrusion detection, Machine learning, Robustness",

author = "Mohmmad Al-Fawa'reh and Jumana Abu-khalaf and Naeem Janjua and Patryk Szewczyk",

year = "2025",

month = jul,

doi = "10.1016/j.cose.2025.104431",

language = "English",

volume = "154",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier Ltd.",

}

TY - JOUR

T1 - Detection of on-manifold adversarial attacks via latent space transformation

AU - Al-Fawa'reh, Mohmmad

AU - Abu-khalaf, Jumana

AU - Janjua, Naeem

AU - Szewczyk, Patryk

PY - 2025/7

Y1 - 2025/7

N2 - Out-of-distribution (OOD) generalization is critical for reliable intrusion detection systems (IDS), yet current methods often falter against stealthy, on-manifold adversarial attacks that mimic ID data. To solve this challenge, we propose a semi-supervised approach that applies an invertible transformation to the latent space and leverages changes in differential entropy to detect OOD samples. Experiments on the KDD99 and X-IIoTID datasets demonstrate that our approach outperforms state-of-the-art defenses, providing enhanced robustness and generalizability for IDS.

AB - Out-of-distribution (OOD) generalization is critical for reliable intrusion detection systems (IDS), yet current methods often falter against stealthy, on-manifold adversarial attacks that mimic ID data. To solve this challenge, we propose a semi-supervised approach that applies an invertible transformation to the latent space and leverages changes in differential entropy to detect OOD samples. Experiments on the KDD99 and X-IIoTID datasets demonstrate that our approach outperforms state-of-the-art defenses, providing enhanced robustness and generalizability for IDS.

KW - Intrusion detection

KW - Machine learning

KW - Robustness

UR - http://www.scopus.com/inward/record.url?scp=105001169409&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2025.104431

DO - 10.1016/j.cose.2025.104431

M3 - Article

AN - SCOPUS:105001169409

SN - 0167-4048

VL - 154

JO - Computers and Security

JF - Computers and Security

M1 - 104431

ER -

Detection of on-manifold adversarial attacks via latent space transformation

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this