Abstract
Network Intrusion Detection Systems (NIDSes) are crucial for securing various networks from malicious attacks. Recent developments in Deep Neural Networks (DNNs) have encouraged researchers to incorporate DNNs as the underlying detection engine for NIDS. However, DNNs are susceptible to adversarial attacks, where subtle modifications to input data result in misclassification, posing a significant threat to security-sensitive domains such as NIDS. Existing efforts in adversarial defenses predominantly focus on supervised classification tasks in Computer Vision, differing substantially from the unsupervised outlier detection tasks in NIDS. To bridge this gap, we introduce a novel method of generalized adversarial robustness and present NIDS-Vis, an innovative black-box algorithm that traverses the decision boundary of DNN-based NIDSes near given inputs. Through NIDS-Vis, we can visualize the geometry of the decision boundaries and examine their impact on performance and adversarial robustness. Our experiment uncovers a tradeoff between performance and robustness, and we propose two novel training techniques, feature space partition and distributional loss function, to enhance the generalized adversarial robustness of DNN-based NIDSes without significantly compromising performance.