HybridMTD: Enhancing Robustness Against Adversarial Attacks with Ensemble Neural Networks and Moving Target Defense

Kimia Tahayori, Sherif Saad, Mohammad Mamun, Saeed Samet

2025

Abstract

Adversarial attacks compromise the integrity of machine learning models, posing significant risks in critical fields like autonomous driving, healthcare, and finance, where accuracy and security are paramount. Existing defenses against these attacks primarily rely on adversarial training or architectural modifications to the models. However, many of these approaches are model-specific, which limits their applicability to other models and can degrade overall performance, including accuracy and generalization. There is therefore a pressing need for model-agnostic defense strategies that do not depend on adversarial training and offer more adaptable and reliable protection across a range of models. This study evaluates the effectiveness of HybridMTD, a novel defense strategy that integrates Moving Target Defense (MTD) with ensemble neural network models to enhance robustness against adversarial attacks without requiring adversarial training or internal changes to model architectures. By dynamically selecting a subset of models from a diverse pool for each evaluation and combining their outputs by majority voting, HybridMTD increases unpredictability for the attacker and strengthens the resilience of the defense mechanism. We conducted extensive experiments across four datasets—MNIST (image), Twitter Sentiment (text), KDD (tabular), and MIT-BIH (signals)—and assessed HybridMTD against seven advanced attacks, including evasion and poisoning attacks. The results consistently show that HybridMTD outperforms traditional MTD strategies and single-model methods, maintaining high accuracy and robustness across diverse attack types and datasets. This research underscores the potential of HybridMTD as an effective defense strategy, significantly improving model security and laying the foundation for further exploration of advanced defense mechanisms.
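The per-query selection-and-vote mechanism the abstract describes, as an added illustration that is not the paper's code: a constructed pool of small linear classifiers stands in for the trained networks (their weights are made up), a random k-subset answers each query by majority vote, and a defender-side check enumerates every k-subset to see how often the randomized ensemble classifies a given input correctly.

```python
import random
from collections import Counter
from itertools import combinations

def linear_model(weights, bias):
    """Hypothetical stand-in for one trained network: a 2-class linear classifier."""
    def predict(x):
        score = sum(w * xi for w, xi in zip(weights, x)) + bias
        return 1 if score > 0 else 0
    return predict

# Constructed pool of five deliberately different models (assumption: the paper's
# pool holds trained neural networks; these weights are invented for illustration).
MODEL_POOL = [
    linear_model((1.0, 1.0), -1.0),
    linear_model((1.5, 0.5), -1.0),
    linear_model((0.5, 1.5), -1.0),
    linear_model((1.0, 0.0), -0.5),  # weak model: looks only at feature 0
    linear_model((0.0, 1.0), -0.5),  # weak model: looks only at feature 1
]

def majority_vote(votes):
    """Most common label; a tie goes to the lowest label so the result is deterministic."""
    counts = Counter(votes)
    top = max(counts.values())
    return min(label for label, n in counts.items() if n == top)

def hybrid_mtd_predict(x, pool=MODEL_POOL, k=3, rng=None):
    """MTD step: a fresh random k-subset of the pool answers this query, then votes.
    Returns (label, indices of the voting models) so the selection can be logged."""
    rng = rng if rng is not None else random.Random()
    chosen = sorted(rng.sample(range(len(pool)), k))
    return majority_vote([pool[i](x) for i in chosen]), chosen

def subset_vote_accuracy(x, true_label, pool=MODEL_POOL, k=3):
    """Defender's check: fraction of all k-subsets whose majority vote is correct on x,
    i.e. the probability that one HybridMTD query classifies x correctly."""
    subsets = list(combinations(range(len(pool)), k))
    correct = sum(majority_vote([pool[i](x) for i in s]) == true_label for s in subsets)
    return correct / len(subsets)

if __name__ == "__main__":
    # Constructed inputs; ground truth is x0 + x1 > 1 by construction.
    x_easy, x_hard = (0.8, 0.7), (0.3, 0.9)
    print("fixed model 1 on hard input:", MODEL_POOL[1](x_hard))           # 0 (wrong)
    print("P(correct) for HybridMTD, k=3:", subset_vote_accuracy(x_hard, 1))  # 0.7
    print("HybridMTD answer + voters:", hybrid_mtd_predict(x_hard, rng=random.Random(7)))
```

On the hard input a single fixed model is simply wrong every time, while the randomized ensemble answers correctly on 7 of the 10 possible subsets and the attacker cannot tell which subset produced any given answer.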

Paper Citation


in Harvard Style

Tahayori K., Saad S., Mamun M. and Samet S. (2025). HybridMTD: Enhancing Robustness Against Adversarial Attacks with Ensemble Neural Networks and Moving Target Defense. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 72-83. DOI: 10.5220/0013240700003899


in Bibtex Style

@conference{icissp25,
author={Kimia Tahayori and Sherif Saad and Mohammad Mamun and Saeed Samet},
title={HybridMTD: Enhancing Robustness Against Adversarial Attacks with Ensemble Neural Networks and Moving Target Defense},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={72-83},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013240700003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - HybridMTD: Enhancing Robustness Against Adversarial Attacks with Ensemble Neural Networks and Moving Target Defense
SN - 978-989-758-735-1
AU - Tahayori K.
AU - Saad S.
AU - Mamun M.
AU - Samet S.
PY - 2025
SP - 72
EP - 83
DO - 10.5220/0013240700003899
PB - SciTePress