Open Access

ARTICLE

Improving Security-Sensitive Deep Learning Models through Adversarial Training and Hybrid Defense Mechanisms

Xuezhi Wen¹, Eric Danso^2,*, Solomon Danso²

1 Department School of Computer Science and School of Cyber Science and Engineering, Nanjing University of Information Science and Technology, Nanjing, 210044, China
2 School of Computer Science, Nanjing University of Information Science and Technology, Nanjing, 210044, China

* Corresponding Author: Eric Danso. Email:

Journal of Cyber Security 2025, 7, 45-69. https://doi.org/10.32604/jcs.2025.063606

Received 19 January 2025; Accepted 15 April 2025; Issue published 08 May 2025

Abstract

Deep learning models have achieved remarkable success in healthcare, finance, and autonomous systems, yet their security vulnerabilities to adversarial attacks remain a critical challenge. This paper presents a novel dual-phase defense framework that combines progressive adversarial training with dynamic runtime protection to address evolving threats. Our approach introduces three key innovations: multi-stage adversarial training with TRADES (Tradeoff-inspired Adversarial Defense via Surrogate-loss minimization) loss that progressively scales perturbation strength, maintaining 85.10% clean accuracy on CIFAR-10 (Canadian Institute for Advanced Research 10-class dataset) while improving robustness; a hybrid runtime defense integrating feature manipulation, statistical anomaly detection, and adaptive ensemble learning; and a 40% reduction in computational costs compared to (Projected Gradient Descent) PGD-based methods. Experimental results demonstrate state-of-the-art performance, achieving 66.50% adversarial accuracy on CIFAR-10 (outperforming TRADES by 12%) and 70.50% robustness against FGSM (Fast Gradient Sign Method) attacks on GTSRB (German Traffic Sign Recognition Benchmark). Statistical validation (p < 0.05) confirms the reliability of these improvements across multiple attack scenarios. The framework’s significance lies in its practical deployability for security-sensitive applications: in autonomous systems, it prevents adversarial spoofing of traffic signs (89.20% clean accuracy on GTSRB); in biometric security, it resists authentication bypass attempts; and in financial systems, it maintains fraud detection accuracy under attack. Unlike existing defenses that trade robustness for efficiency, our method simultaneously optimizes both through its unique combination of proactive training and reactive runtime mechanisms. This work provides a foundational advancement in adversarial defense, offering a scalable solution for protecting AI systems in healthcare diagnostics, intelligent transportation, and other critical domains where model integrity is paramount. The proposed framework establishes a new paradigm for developing attack-resistant deep learning systems without compromising computational practicality.

---

Keywords

---