Detection of on-manifold adversarial attacks via latent space transformation

Author Identifier (ORCID)

Mohmmad Al-Fawa'reh: https://orcid.org/0000-0002-5621-4126

Jumana Abu-khalaf: https://orcid.org/0000-0002-6651-2880

Naeem Janjua: https://orcid.org/0000-0003-0483-8196

Patryk Szewczyk: https://orcid.org/0000-0003-3040-9344

Abstract

Out-of-distribution (OOD) generalization is critical for reliable intrusion detection systems (IDS), yet current methods often falter against stealthy, on-manifold adversarial attacks that mimic in-distribution (ID) data. To address this challenge, we propose a semi-supervised approach that applies an invertible transformation to the latent space and leverages changes in differential entropy to detect OOD samples. Experiments on the KDD99 and X-IIoTID datasets demonstrate that our approach outperforms state-of-the-art defenses, providing enhanced robustness and generalizability for IDS.

Document Type

Journal Article

Date of Publication

7-1-2025

Volume

154

Publication Title

Computers and Security

Publisher

Elsevier

School

Centre for Artificial Intelligence and Machine Learning (CAIML) / School of Science

Comments

Al-Fawa’reh, M., Abu-Khalaf, J., Janjua, N., & Szewczyk, P. (2025). Detection of on-manifold adversarial attacks via latent space transformation. Computers & Security, 154, 104431. https://doi.org/10.1016/j.cose.2025.104431

Copyright

subscription content

Publication Unique Identifier

10.1016/j.cose.2025.104431
