What problem does this paper attempt to address?

The problem that this paper attempts to solve is: as cyber - attacks become more and more complex, how to improve the robustness of machine learning (ML) models in network intrusion detection. Specifically, the paper aims to provide a systematic method to evaluate the adversarial robustness of different decision - tree - based ensemble models in enterprise computer networks for network - attack detection. By using standardized datasets to generate restricted adversarial samples and evaluating the randomly - forested (RF), XGBoost (XGB), LightGBM (LGBM) and Explainable Boosting Machine (EBM) models with regular training and adversarial training, to ensure that the robustness of these models is improved when facing adversarial cyber - attack examples without affecting their generalization ability for normal traffic. ### Main problem summary: 1. **Improving the robustness of ML models**: With the advancement of cyber - attack techniques, traditional ML models may not be able to effectively cope with new attack means. The goal of the paper is to improve the robustness of ML models through methods such as adversarial training. 2. **Standardizing evaluation conditions**: In order to reliably compare the robustness of different ML models, evaluation must be carried out under standardized conditions. Different studies adopt different evaluation methods, which makes it difficult to determine which models are most suitable for specific enterprise network environments. 3. **The influence of adversarial samples**: The paper explores the influence of adversarial samples (i.e., malicious inputs carefully designed to evade detection) on the performance of ML models and proposes a method to enhance the robustness of models through adversarial training. 4. **Dataset selection and processing**: The paper uses three standard datasets (CICIDS2017, NewCICIDS and HIKARI) to evaluate the robustness of models. These datasets represent network traffic at different time periods and of different types, which helps to more comprehensively understand the performance of models. ### Formula representation: - The adversarial - sample - generation method (such as A2PM) involves a small perturbation of feature values, and the formula can be represented as: \[ x_{\text{adv}}=x + \delta \] where \(x\) is the original sample, \(\delta\) is the added perturbation, and \(x_{\text{adv}}\) is the generated adversarial sample. - In adversarial training, the loss function usually combines the losses of the original sample and the adversarial sample, and the formula can be represented as: \[ L_{\text{adv}}=L(x, y)+L(x_{\text{adv}}, y) \] where \(L(x, y)\) is the loss of the original sample and \(L(x_{\text{adv}}, y)\) is the loss of the adversarial sample. Through this method, the paper hopes to provide enterprises with a reliable benchmark - testing method to select the ML model that best suits their network - security needs.