Guaranteeing the security of Machine Learning (ML) classifiers is essential for institutions relying on automated decision-making systems to prevent cyberattacks and fraudulent activities.
This project investigates adversarial attacks on ML models that classify network traffic data — a task commonly used in cybersecurity and traffic management.
Adversarial attacks generate adversarial examples, i.e., slightly modified inputs that cause the model to make incorrect predictions advantageous for the attacker, while remaining imperceptible and credible.
The work explores:
- The impact of adversarial attacks on tabular data classifiers
- The robustness of different ML models (Random Forest, Linear SVC, Neural Networks)
- The use of ART (Adversarial Robustness Toolbox) to generate adversarial examples
- Countermeasures such as adversarial training to improve model robustness
Dataset and preprocessing:
- Dataset: IP Network Traffic Flows Labeled with 87 Apps
- Reduced to 10 applications (YOUTUBE, AMAZON, GMAIL, WINDOWS UPDATE, SKYPE, FACEBOOK, DROPBOX, YAHOO, TWITTER, MSN)
- Features normalized and labels encoded
Exploratory analysis:
- Visualizations: histograms, scatter plots, box plots, correlation matrices
- Dimensionality reduction via PCA and t-SNE
- Unsupervised clustering
Classification:
- Classifiers: Random Forest, Linear SVC, Neural Networks
- Hyperparameter tuning through cross-validation
- Evaluation metrics: Accuracy, Precision, Recall, F1-Score
Robustness evaluation:
- Random and feature-specific noise applied to test data
- Adversarial attacks implemented using FGSM and PGD from the Adversarial Robustness Toolbox (ART)
- Measurement of robust accuracy under different perturbation levels (ε)
- Adversarial training to enhance robustness
- Comparison between clean and adversarial accuracies
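A compact illustration of the ε sweep and adversarial training listed above, added here as an example and not taken from the project: a NumPy logistic-regression stand-in for the linear classifier, FGSM and PGD written out directly instead of calling ART, and a constructed normalised dataset (not the 87-Apps flows) in which ten near-noiseless features have a class margin smaller than the attack budget, so a standard model that leans on them loses accuracy under attack while an adversarially trained one does not.

```python
import numpy as np

def make_data(n=2000, weak=10, seed=0):
    # Constructed, normalised tabular data (not the 87-Apps flows): feature 0 has
    # a wide-margin signal; the `weak` features are nearly noise-free but their
    # class margin (0.03) is below the attack budget used in the demo (0.08).
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, n)
    s = np.where(y == 1, 1.0, -1.0)[:, None]
    x0 = 0.5 + 0.2 * s + rng.normal(0, 0.12, (n, 1))
    xw = 0.5 + 0.03 * s + rng.normal(0, 0.005, (n, weak))
    return np.clip(np.hstack([x0, xw]), 0, 1), y

def sigmoid(z):
    return 1 / (1 + np.exp(-np.clip(z, -500, 500)))

def fgsm(X, y, w, b, eps):
    # Logistic-loss gradient w.r.t. the input is (p - y) * w; one signed step.
    grad = (sigmoid(X @ w + b) - y)[:, None] * w
    return np.clip(X + eps * np.sign(grad), 0, 1)

def pgd(X, y, w, b, eps, steps=10):
    # Iterated FGSM, projected back onto the L-inf ball of radius eps around X.
    Xa = X.copy()
    for _ in range(steps):
        Xa = fgsm(Xa, y, w, b, 2.5 * eps / steps)
        Xa = np.clip(Xa, X - eps, X + eps)
    return Xa

def train(X, y, epochs=400, lr=1.0, adv_eps=0.0):
    # Gradient descent; adv_eps > 0 fits FGSM examples of the current model
    # at every epoch, i.e. adversarial training.
    w, b = np.zeros(X.shape[1]), 0.0
    for _ in range(epochs):
        Xt = fgsm(X, y, w, b, adv_eps) if adv_eps > 0 else X
        err = sigmoid(Xt @ w + b) - y
        w -= lr * Xt.T @ err / len(y)
        b -= lr * err.mean()
    return w, b

def accuracy(X, y, w, b):
    return float(np.mean((X @ w + b > 0) == (y == 1)))

def robust_accuracy(X, y, w, b, eps, attack=fgsm):
    # Accuracy on inputs perturbed against this model: the sweep metric.
    return accuracy(attack(X, y, w, b, eps), y, w, b)

if __name__ == "__main__":
    X, y = make_data()
    base, hard = train(X, y), train(X, y, adv_eps=0.08)
    for eps in (0.0, 0.02, 0.04, 0.08):
        print(eps, robust_accuracy(X, y, *base, eps), robust_accuracy(X, y, *hard, eps))
```

For a linear model the per-feature gradient sign never changes along the attack path, so PGD reaches the same points as FGSM; the gap between the two models appears only with nonlinear classifiers.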
Tools:
- Python 3
- scikit-learn
- PyTorch
- Adversarial Robustness Toolbox (ART)
- Pandas / NumPy
- Matplotlib / Seaborn
For detailed explanations, methodology, and results, please refer to the full report:
👉 Read the complete report here