Adversarial Machine Learning for Cyber security Defense: Detecting Model Evasion, Poisoning Attacks, and Enhancing the Robustness of AI Systems

Authors

  • Nadeem Jehan, Department of Computer Science, Institute of Management Sciences Peshawar
  • Nadia Mustaqim Ansari, Department of Electronic Engineering, Dawood University of Engineering and Technology, Karachi
  • Zia Ashraf, College of Allied Health Professionals, Government College University, Faisalabad
  • Muhammad Adnan Bashir, Department of Mathematics, University of Management and Technology
  • Hassam Gul, International Islamic University, Islamabad
  • Ali Raza, Department of Computer Science and Information Technology, Superior University Lahore

DOI:

https://doi.org/10.53762/grjnst.03.02.07

Keywords:

Adversarial Machine Learning, Cybersecurity, Model Evasion, Poisoning Attacks, Adversarial Training, Input Transformation, Robustness, Intrusion Detection, Malware Classification, AI Security.

Abstract

Adversarial machine learning has become a significant threat in cybersecurity, since machine learning models used for tasks such as intrusion detection, malware classification, and phishing identification are highly susceptible to adversarial attacks. These attacks include model evasion and poisoning, in which adversaries exploit weaknesses in AI systems to degrade their performance and potentially let malicious activity pass through security controls. This paper assesses the efficacy of adversarial attacks on decision tree, SVM, DNN, and XGBoost models, as well as the performance of defense mechanisms intended to improve model security. In particular, the study focuses on adversarial training, input transformation, adversarial regularization, and certified defenses, and evaluates each with respect to its capability to protect against adversarial perturbations. The results show that all the models suffer a severe performance drop under adversarial conditions, and that adversarial training is the most effective defense, especially for the more complex models such as DNN and XGBoost. Limitations include higher computational cost and the need to update defense mechanisms in response to emerging threats. The study highlights the need to consider both scalability and effectiveness when designing defense strategies that secure AI-based cybersecurity systems against adversarial manipulation in real-world settings.

Published

2025-04-25

Section

Articles