Adversarial Robustness vs Energy Efficiency in Network Intrusion Detection

Does Model Compression Compromise Cybersecurity? A Study on the Sustainability-Security Tradeoff



🔑 Key Finding

Model compression can INCREASE adversarial robustness while reducing energy consumption.

70% magnitude pruning improves FGSM (ε=0.1) accuracy from 70.3% → 88.7% while cutting energy by ~48%. This contradicts the naive assumption that compressed models are more vulnerable.

📊 Results Summary

| Configuration | Clean Acc | FGSM (ε=0.1) | PGD (ε=0.1) | Energy | Size (MB) |
|---|---|---|---|---|---|
| Full Model | 99.98% | 70.3% | 67.0% | 1.00x | 0.249 |
| Pruned 50% | 99.98% | 73.4% | 69.4% | 0.65x | 0.249 |
| Pruned 70% | 99.88% | 88.7% | 85.9% | 0.52x | 0.249 |
| Pruned 90% | 75.7% | 75.8% | 75.8% | 0.38x | 0.249 |
| Quantized 8-bit | 99.97% | 70.2% | 67.0% | 0.63x | 0.062 |
| Prune70% + Q8 | 99.89% | 91.1% | 89.8% | 0.63x | 0.062 |

🎯 Overview

This research investigates a critical question at the intersection of cybersecurity and sustainability: When we compress deep learning IDS models for energy efficiency, do we inadvertently create security vulnerabilities?

We systematically evaluate:

  1. Magnitude-based pruning (30%, 50%, 70%, 90%)
  2. Post-training quantization (32-bit, 16-bit, 8-bit)
  3. Combined compression (pruning + quantization)

Against adversarial attacks:

  • FGSM (Fast Gradient Sign Method) at ε = {0.01, 0.05, 0.1, 0.2, 0.3}
  • PGD (Projected Gradient Descent) at ε = {0.01, 0.05, 0.1, 0.2}

Repository Structure

├── README.md                    # This file
├── METHODOLOGY.md               # Full experimental design
├── experiment.py                # Complete working prototype
├── paper_draft.tex              # Springer ACSAR formatted paper
├── requirements.txt             # Dependencies
├── figures/
│   ├── fig1_pruning_robustness.png
│   ├── fig2_quantization_robustness.png
│   ├── fig3_pareto_energy_robustness.png
│   └── fig4_fgsm_sweep.png
└── results/
    └── full_results.csv

🚀 Quick Start

pip install torch scikit-learn datasets numpy pandas matplotlib
python experiment.py

The experiment loads CICIDS-2017 from HuggingFace, trains a DNN IDS, then systematically evaluates compressed variants under adversarial attacks.

Why Pruning Improves Robustness

Our results align with recent findings (PwoA, arXiv:2210.04311; MAD, arXiv:2204.02738):

  • Pruning removes low-magnitude "noise" weights that adversarial perturbations exploit
  • Compressed representations are inherently more robust to input perturbations
  • The regularization effect of sparsity acts as an implicit defense

This creates a win-win for sustainability: compressed models are both greener AND more secure.
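
The first mechanism above can be checked by hand on a linear detector, where FGSM at budget ε shifts the logit by ε·‖w‖₁, so zeroing low-magnitude weights shrinks the attacker's leverage. The sketch below is an added illustration, not code from this repository's experiment.py; the logistic model, the weights W, the bias B and the four flows in DATA are constructed for the example (the study itself uses a DNN on CICIDS-2017).

```python
import math

def magnitude_prune(w, percent):
    """Zero the `percent`% of weights with the smallest absolute value."""
    k = len(w) * percent // 100
    drop = set(sorted(range(len(w)), key=lambda i: abs(w[i]))[:k])
    return [0.0 if i in drop else wi for i, wi in enumerate(w)]

def logit(x, w, b):
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def fgsm(x, y, w, b, eps):
    """x_adv = x + eps * sign(dL/dx); for logistic loss dL/dx = (p - y) * w."""
    p = 1.0 / (1.0 + math.exp(-logit(x, w, b)))
    grad = [(p - y) * wi for wi in w]
    return [xi + eps * ((g > 0) - (g < 0)) for xi, g in zip(x, grad)]

def accuracy(data, w, b, eps=0.0):
    """Fraction classified correctly; eps > 0 attacks each sample with FGSM first."""
    hits = 0
    for x, y in data:
        if eps:
            x = fgsm(x, y, w, b, eps)
        hits += int((logit(x, w, b) > 0) == bool(y))
    return hits / len(data)

# Constructed detector: 3 informative weights, 7 low-magnitude ones.
W = [2.0, -1.75, 1.5, 0.25, -0.25, 0.125, -0.125, 0.25, -0.25, 0.125]
B = -0.25
NOISE = [0.5, 0.5, 0.5, 0.5, 0.5, 0.5, 0.0]  # contributes 0 to the clean logit
# Constructed flows: (features, label), label 1 = attack, 0 = benign.
DATA = [
    ([0.5, 0.5, 0.5] + NOISE, 1),   # clean logit +0.625
    ([0.25, 0.5, 0.0] + NOISE, 0),  # clean logit -0.625
    ([1.0, 0.0, 0.5] + NOISE, 1),   # clean logit +2.5
    ([0.0, 1.0, 0.0] + NOISE, 0),   # clean logit -2.0
]

def sweep(eps=0.1, levels=(0, 70, 90)):
    """Return {prune %: (clean accuracy, FGSM accuracy, L1 norm of weights)}."""
    out = {}
    for pct in levels:
        w = magnitude_prune(W, pct)
        out[pct] = (accuracy(DATA, w, B), accuracy(DATA, w, B, eps),
                    sum(abs(wi) for wi in w))
    return out

if __name__ == "__main__":
    for pct, row in sweep().items():
        print(pct, row)
```

On this constructed data, 70% pruning lifts FGSM accuracy from 0.5 to 1.0 with no loss of clean accuracy, while 90% pruning drops clean accuracy to 0.75, the same over-pruning cliff that the 90% row of the results table shows.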

📚 Key References

  1. Goodfellow et al. "Explaining and Harnessing Adversarial Examples" (ICLR 2015)
  2. Madry et al. "Towards Deep Learning Models Resistant to Adversarial Attacks" (ICLR 2018)
  3. Bai et al. "Pruning Adversarially Robust Neural Networks without Adversarial Examples" (2022)
  4. Lee et al. "Masking Adversarial Damage: Finding Adversarial Saliency for Robust and Sparse Network" (CVPR 2022)
  5. Habib & Sharma. "Deep Learning in Advancing Proactive Cybersecurity for Smart Grid Networks" (2024)

Conference

  • Conference: ICISET 2026 — Namibia University of Science and Technology
  • Track: Infrastructure, Security and Governance — Cybersecurity and Sustainability
  • Deadline: July 27, 2026

Generated by ML Intern

This model repository was generated by ML Intern, an agent for machine learning research and development on the Hugging Face Hub.

Usage

from transformers import AutoModelForCausalLM, AutoTokenizer

model_id = "mtjikuzu/adversarial-robustness-energy-efficient-ids"
tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(model_id)

For non-causal architectures, replace AutoModelForCausalLM with the appropriate AutoModel class.
