TND: Two-stage non-invasive defense of intrusion detection system from adversarial attack

Deep learning methods have demonstrated notable success in intrusion detection systems (IDS). However, these models exhibit inherent vulnerabilities to adversarial attacks, where minimal perturbations can cause misclassification. Current IDS implementations often lack built-in protections against such threats, creating exploitable security gaps. While existing defense approaches typically employ adversarial training or data purification to enhance robustness, they face critical limitations in online IDS scenarios: adversarial training requires computationally expensive model retraining that may degrade performance, while comprehensive data purification imposes significant resource overhead and risks misclassifying legitimate samples. To address these challenges, we propose TND—a novel two-stage non-invasive defense framework. TND first efficiently filters adversarial examples using Locality-Sensitive Hashing (LSH), then applies a contrastive learning-optimized denoising autoencoder for precise data purification. Experimental results show TND achieves 0.873 adversarial detection accuracy (comparable to MANDA’s 0.875) while reducing training time to just 3% of MANDA’s requirements. This yields superior operational efficiency, enabling 7% and 5% improvements in IDS classification rates on CICIDS2017 and NSL-KDD datasets respectively—without modifying the underlying IDS model. By combining low computational overhead with non-intrusive deployment, TND establishes a practical, scalable solution for real-world adversarial defense in IDS environments.