MMODELYST
Papers/A No-Defense Defense Against Gradient-Based Adversarial Attacks on ML-NIDS: Is Less More?
PAP

A No-Defense Defense Against Gradient-Based Adversarial Attacks on ML-NIDS: Is Less More?

May 18, 2026

arXiv
Abstract

Gradient-based adversarial attacks subtly manipulate inputs of Machine Learning (ML) models to induce incorrect predictions. This paper investigates whether careful architectural choices alone can yield an inherently robust Deep Neural Network (DNN)-based Network Intrusion Detection Systems (NIDS), without any additional explicit defenses. Through thousands of experiments, around 2200, varying network depth, feature dimensionality, activation functions, and dropout across FGSM, PGD, and BIM attacks, we show that shallower networks, reduced feature sets, and ReLU activation consistently and jointly reduce adversarial vulnerability. Moreover, a simple model following this recipe outperforms deeper, fully-featured adversarially trained models, while maintaining near-perfect clean-traffic detection and lower training times. Nevertheless, while less is more, the selection of the right less is what truly matters.

Select text to highlight · click a highlight to remove · saved in this browser only
Authors
Mohamed elShehaby, Ashraf Matrawy
Your notes (browser-local)
saved
arXiv:2605.18666