RUS  ENG
Full version
JOURNALS // Vestnik of Astrakhan State Technical University. Series: Management, Computer Sciences and Informatics // Archive
Vestn. Astrakhan State Technical Univ. Ser. Management, Computer Sciences and Informatics, 2025 Number 2, Pages 76–87 (Mi vagtu846)
COMPUTER SOFTWARE AND COMPUTING EQUIPMENT

Investigating the resistance of intrusion detection systems with machine learning components to adversarial attacks

E. A. Ichetovkin

St. Petersburg Federal Research Center of the Russian Academy of Sciences, Saint Petersburg, Russia

Abstract: With the rapid development of cyber threats, modern intrusion detection systems are becoming a key element of information infrastructure protection. Their task is not only to identify known attacks, but also to detect new, previously unknown threats, including complex targeted attacks. However, machine learning (ML) algorithms themselves can become targets of attacks aimed at bypassing them and manipulating detection results. A detailed study is being conducted on the vulnerability of ML models to targeted malicious influences, including evasion attacks, when an attacker intentionally modifies input data in order to circumvent security mechanisms. The research methodology includes an analysis of existing defensive strategies, as well as modeling various attack scenarios to assess the resilience of algorithms. Classical metrics are used as performance criteria: accuracy, completeness, and $F$-measure. The indicators allow us to assess both the quality of detection and the degree of degradation of the model under the influence of attacks. The practical value of the research lies in conducting a comprehensive comparative analysis of the stability of various ML models, including popular solutions used in industrial security systems. For the first time, several types of classifiers are being tested (for example, single-class vector ML, random forests, and deep neural networks) under targeted attacks that simulate the actions of an advanced attacker attacking ML components of intrusion detection systems of complex infrastructure. The results of the experimental evaluation turned out to be alarming – none of the considered models demonstrated sufficient resistance to the attacks under study. This indicates the systemic vulnerability of modern defense ML methods used in cybersecurity and underlines the need to develop new defense mechanisms that are resistant to targeted counteraction. The data obtained can be used to improve intrusion detection algorithms and create more reliable protection systems.

Keywords: cybersecurity, intrusion detection systems, machine learning components, evasion attacks, defense resilience.

UDC: 004

Received: 21.03.2025
Accepted: 30.04.2025

DOI: 10.24143/2072-9502-2025-2-76-87


© Steklov Math. Inst. of RAS, 2026