Investigating the impact of feature selection on adversarial transferability in intrusion detection system

Abstract

Adversarial attacks pose a serious threat to cybersecurity systems, particularly intrusion detection systems (IDSs). The property of transferability exacerbates this threat, as attacks designed to fool one IDS model can often fool others in black-box settings. Despite significant efforts to mitigate this property, the impact of feature selection on attack transferability remains unknown. This study investigates adversarial transferability across various machine learning (ML) and deep learning (DL) models used in IDSs. Two transferability scenarios are investigated: inter-model and intra-model transferability. We trained multiple IDS models, including support vector machine (SVM), random forest (RF), decision tree (DT), logistic regression (LR), and deep neural networks (DNNs) with different architectures, on feature subsets from various techniques. These IDS models are then subjected to a black-box attack using the zeroth-order optimization (ZOO) method. With the IoT-23 and UNSW-NB15 datasets, we evaluated transferability across different IDS models and feature subsets. The results show significant variations in transferability, with certain feature subsets notably reducing the attack success rate (ASR). Specifically, we recorded a reduction in ASR ranging from 99.9% to 0% depending on the feature subset and the target IDS model. These findings highlight the impact of feature selection on disrupting attack transferability, and suggest that IDS models trained with appropriate feature subsets are more robust to adversarial transferability.