Robust Ensemble of Selectively Strengthened and Augmented Predictors

📅 2026-06-04

🤖 AI Summary
This work proposes RESSAP, a model-agnostic ensemble defense against evasion attacks on machine learning classifiers. It turns a single classifier into an ensemble in which each member is trained on its own subset of features, selected with a resilience metric that accounts for both a feature's importance and its robustness; training data is augmented with noise to strengthen decision boundaries; and at inference only a randomly chosen subset of members votes, so an attacker cannot predict which feature subsets will decide a given input. The authors' experiments show substantially improved robustness against a range of adversarial evasion attacks while accuracy on clean data remains high.
📝 Abstract
Evasion attacks present a significant challenge to the robustness of machine learning (ML)-based classifiers, particularly in critical applications such as fraud detection and cybersecurity. Although existing defense mechanisms are effective in some settings, they often suffer from limited generalizability and do not systematically improve model robustness across diverse attack scenarios. To address these limitations, we introduce Robust Ensemble of Selectively Strengthened and Augmented Predictors (RESSAP), a novel framework that transforms a single classifier into an ensemble of robust classifiers. Each classifier in the ensemble is trained on a carefully selected subset of features, where feature selection is guided by a resilience metric that accounts for both feature importance and robustness. During inference, a random subset of these classifiers is used to make predictions, increasing unpredictability and improving resistance to adversarial manipulation. In addition, noise-based data augmentation is applied during training to strengthen decision boundaries and improve generalization. Our experimental results demonstrate that RESSAP significantly improves robustness against adversarial evasion attacks while maintaining strong accuracy on clean data. Overall, this model-agnostic framework provides a scalable and flexible defense strategy for enhancing the security of machine learning systems without requiring major changes to existing architectures.
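The abstract describes a four-step pipeline (resilience-guided feature selection, one feature subset per ensemble member, noise augmentation during training, randomized sub-ensemble voting at inference) but not the concrete metric or learners. The block below is an added illustrative example, not the paper's code. It runs the pipeline on a constructed two-class dataset using a dependency-free nearest-centroid base learner; the resilience score (standardised mean gap times the fraction of single-feature predictions that survive an in-budget push), the per-feature attacker "budget", and the evasion attack are all assumptions made for the illustration, and the functions `resilience`, `draw_subsets`, `augment`, `evade` and `run_experiment` are this example's own names.

```python
"""Added example of a RESSAP-style defense on constructed data (not the paper's code)."""
import math
import random
from collections import Counter

# Constructed data: per feature (mean_class0, mean_class1, std, attacker_budget).
# The budget is an assumed domain fact: how far an evasion attack can push the
# feature. f0 and f1 carry identical signal, but f1 is cheap to manipulate.
FEATURES = [
    (-2.0, 2.0, 0.5, 0.2),  # f0: strong signal, hard to manipulate
    (-2.0, 2.0, 0.5, 6.0),  # f1: strong signal, trivially manipulated
    (-1.0, 1.0, 0.8, 0.3),  # f2: moderate signal, hard to manipulate
    (0.0, 0.0, 1.0, 6.0),   # f3: noise
    (-0.8, 0.8, 0.8, 1.0),  # f4: moderate signal, partly manipulable
    (0.0, 0.0, 1.0, 0.3),   # f5: noise
]
BUDGET = [f[3] for f in FEATURES]


def make_data(n, r):
    """Sample n labelled rows (alternating classes) from the constructed model."""
    X, y = [], []
    for i in range(n):
        c = i % 2
        X.append([r.gauss(f[c], f[2]) for f in FEATURES])
        y.append(c)
    return X, y


class Centroid:
    """Nearest-centroid classifier restricted to a subset of feature indices."""

    def __init__(self, feats):
        self.feats = list(feats)

    def fit(self, X, y):
        self.mu = {}
        for c in (0, 1):
            rows = [x for x, t in zip(X, y) if t == c]
            self.mu[c] = [sum(x[j] for x in rows) / len(rows) for j in self.feats]
        return self

    def predict_one(self, x):
        d = [sum((x[j] - m) ** 2 for j, m in zip(self.feats, self.mu[c])) for c in (0, 1)]
        return 0 if d[0] <= d[1] else 1

    def predict(self, X):
        return [self.predict_one(x) for x in X]


def accuracy(pred, y):
    return sum(p == t for p, t in zip(pred, y)) / len(y)


def evade(X, y, mu0, mu1, feats=None):
    """Assumed gray-box evasion: push each feature by its budget toward the other class mean."""
    feats = range(len(BUDGET)) if feats is None else feats
    out = []
    for x, c in zip(X, y):
        x = list(x)
        for j in feats:
            target, own = (mu0[j], mu1[j]) if c == 1 else (mu1[j], mu0[j])
            x[j] += BUDGET[j] if target > own else -BUDGET[j]
        out.append(x)
    return out


def resilience(X, y):
    """Assumed metric: importance (standardised class gap) x robustness
    (1 - share of single-feature predictions flipped by an in-budget push)."""
    n = len(X[0])
    full = Centroid(range(n)).fit(X, y)
    mu0, mu1 = full.mu[0], full.mu[1]
    scores = []
    for j in range(n):
        col = [(x[j], t) for x, t in zip(X, y)]
        var = sum((v - (mu1[j] if t else mu0[j])) ** 2 for v, t in col) / (len(X) - 2)
        importance = abs(mu1[j] - mu0[j]) / math.sqrt(var)
        single = Centroid([j]).fit(X, y)
        flips = sum(a != b for a, b in zip(single.predict(X),
                                           single.predict(evade(X, y, mu0, mu1, feats=[j]))))
        scores.append(importance * (1.0 - flips / len(X)))
    return scores


def draw_subsets(scores, members, k, r):
    """One feature subset per member, drawn from features scoring at least 5% of the
    best, with probability proportional to resilience (fragile features drop out)."""
    pool_all = [j for j, s in enumerate(scores) if s >= 0.05 * max(scores)]
    subsets = []
    for _ in range(members):
        pool, chosen = list(pool_all), []
        while len(chosen) < min(k, len(pool_all)):
            j = r.choices(pool, weights=[scores[i] for i in pool])[0]
            pool.remove(j)
            chosen.append(j)
        subsets.append(sorted(chosen))
    return subsets


def augment(X, y, sigma, r):
    """Noise-based augmentation: append a jittered copy of every training row.
    (For a centroid learner this only regularises the centroid estimates; for
    margin or tree learners it is what smooths the decision boundary.)"""
    Xa = [[v + r.gauss(0.0, sigma * FEATURES[j][2]) for j, v in enumerate(x)] for x in X]
    return X + Xa, y + y


class RandomSubEnsemble:
    """Majority vote over a freshly sampled subset of members for every input."""

    def __init__(self, subsets, active, r):
        self.members = [Centroid(s) for s in subsets]
        self.active, self.r = active, r  # keep `active` odd so two classes never tie

    def fit(self, X, y):
        for m in self.members:
            m.fit(X, y)
        return self

    def predict(self, X):
        return [Counter(m.predict_one(x) for m in self.r.sample(self.members, self.active))
                .most_common(1)[0][0] for x in X]


def run_experiment(seed=7, n_train=400, n_test=400, members=6, k=2, active=3, sigma=0.3):
    r = random.Random(seed)
    Xtr, ytr = make_data(n_train, r)
    Xte, yte = make_data(n_test, r)
    single = Centroid(range(len(FEATURES))).fit(Xtr, ytr)        # undefended baseline
    Xadv = evade(Xte, yte, single.mu[0], single.mu[1])            # same attack for both models
    scores = resilience(Xtr, ytr)
    subsets = draw_subsets(scores, members, k, r)
    Xaug, yaug = augment(Xtr, ytr, sigma, r)
    ens = RandomSubEnsemble(subsets, active, r).fit(Xaug, yaug)
    return {"resilience": scores, "subsets": subsets,
            "single_clean": accuracy(single.predict(Xte), yte),
            "single_adv": accuracy(single.predict(Xadv), yte),
            "ensemble_clean": accuracy(ens.predict(Xte), yte),
            "ensemble_adv": accuracy(ens.predict(Xadv), yte)}


if __name__ == "__main__":
    for key, val in run_experiment().items():
        print(key, val)
```

Under the construction above the undefended classifier is driven almost entirely by f1 and collapses once the attacker spends its budget there, while the resilience metric scores f1 near zero, so no ensemble member ever sees it; members that keep f0 stay correct under the same attack, and randomising which members vote means the attacker cannot aim at one fixed feature subset. The point to take away is that the defense only works as well as the resilience metric: if the budget assumptions are wrong, a fragile feature can be scored as robust and the whole ensemble inherits the weakness.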
Problem

Research questions and friction points this paper is trying to address.

evasion attacks
robustness
adversarial manipulation
machine learning security
generalizability
Innovation

Methods, ideas, or system contributions that make the work stand out.

adversarial robustness
ensemble learning
feature selection
data augmentation
evasion attacks