SAGE: Sample-Aware Guarding Engine for Robust Intrusion Detection Against Adversarial Attacks

📅 2025-09-09
🤖 AI Summary
To address the vulnerability of machine learning–based intrusion detection systems (ML-IDS) in IoT environments to adversarial attacks and the lack of systematic methodologies for selecting optimal defense strategies, this paper proposes a sample-aware active defense engine. The engine integrates active learning with targeted data reduction to dynamically identify the most informative samples and assign them the optimal defense strategy via precise labeling. A two-stage learner models the strategy selection process, enabling joint optimization of adversarial sample identification, targeted sampling, and dynamic defense decision-making. Evaluated across multiple IDS datasets, the approach achieves an average 201% improvement in F1-score, attaining 96.2% of the Oracle upper bound—only a 3.8% gap—while reducing computational overhead by up to 29×. Its core innovation lies in being the first to introduce a sample-informativeness-driven active defense selection mechanism for enhancing ML-IDS robustness, significantly improving the balance between generalization capability and efficiency.

📝 Abstract
The rapid proliferation of the Internet of Things (IoT) continues to expose critical security vulnerabilities, necessitating the development of efficient and robust intrusion detection systems (IDS). Machine learning-based intrusion detection systems (ML-IDS) have significantly improved threat detection capabilities; however, they remain highly susceptible to adversarial attacks. While numerous defense mechanisms have been proposed to enhance ML-IDS resilience, a systematic approach for selecting the most effective defense against a specific adversarial attack remains absent. To address this challenge, we previously proposed DYNAMITE, a dynamic defense selection approach that identifies the most suitable defense against adversarial attacks through an ML-driven selection mechanism. Building on this foundation, we propose SAGE (Sample-Aware Guarding Engine), a substantially improved defense algorithm that integrates active learning with targeted data reduction. It employs an active learning mechanism to selectively identify the most informative input samples and their corresponding optimal defense labels, which are then used to train a second-level learner responsible for selecting the most effective defense. This targeted sampling improves computational efficiency, exposes the model to diverse adversarial strategies during training, and enhances robustness, stability, and generalizability. As a result, SAGE demonstrates strong predictive performance across multiple intrusion detection datasets, achieving an average F1-score improvement of 201% over the state-of-the-art defenses. Notably, SAGE narrows the performance gap to the Oracle to just 3.8%, while reducing computational overhead by up to 29x.

Problem

Research questions and friction points this paper is trying to address.

Enhancing ML-based intrusion detection robustness against adversarial attacks
Selecting optimal defense mechanisms for specific adversarial threats
Improving computational efficiency and stability in intrusion detection systems

Innovation

Methods, ideas, or system contributions that make the work stand out.

Active learning for selective sample identification
Targeted data reduction to enhance efficiency
Second-level learner for optimal defense selection
Jing Chen
Department of Computer Science and Engineering, University of California, San Diego
Onat Gungor
UC San Diego
Machine Learning, Security, Internet of Things
Zhengli Shang
Department of Computer Science and Engineering, University of California, San Diego
Tajana Rosing
Distinguished Professor, UCSD
computer architecture, cyber-physical systems, system energy efficiency