The Internet of Things (IoT) faces tremendous security challenges. Machine learning models can be used to tackle the growing number of cyber-attack variations targeting IoT systems, but the increasing threat posed by adversarial attacks restates the need for reliable defense strategies. This work describes the types of constraints required for an adversarial cyber-attack example to be realistic and proposes a methodology for a trustworthy adversarial robustness analysis with a realistic adversarial evasion attack vector. The proposed methodology was used to evaluate three supervised algorithms, Random Forest (RF), Extreme Gradient Boosting (XGB), and Light Gradient Boosting Machine (LGBM), and one unsupervised algorithm, Isolation Forest (IFOR). Constrained adversarial examples were generated with the Adaptative Perturbation Pattern Method (A2PM), and evasion attacks were performed against models created with regular and adversarial training. Even though RF was the least affected in binary classification, XGB consistently achieved the highest accuracy in multi-class classification. The obtained results evidence the inherent susceptibility of tree-based algorithms and ensembles to adversarial evasion attacks and demonstrates the benefits of adversarial training and a security by design approach for a more robust IoT network intrusion detection.

翻译：物联网（IoT）面临巨大的安全挑战。机器学习模型可用于应对针对物联网系统日益增多的网络攻击变种，但对抗攻击构成的持续威胁重新凸显了对可靠防御策略的需求。本工作描述了实现对抗性网络攻击示例真实性所需的约束类型，并提出了一种基于真实对抗性逃避攻击向量的可信对抗鲁棒性分析方法。所提出的方法用于评估三种监督学习算法——随机森林（RF）、极限梯度提升（XGB）和轻量梯度提升机（LGBM），以及一种无监督学习算法——孤立森林（IFOR）。通过自适应扰动模式方法（A2PM）生成受约束的对抗性示例，并对通过常规训练和对抗训练建立的模型实施逃避攻击。尽管RF在二分类中受影响最小，但XGB在多分类中始终取得最高准确率。所得结果揭示了基于树的算法及集成方法对对抗性逃避攻击的固有敏感性，并证明了对抗训练与安全设计方法在实现更鲁棒的物联网网络入侵检测中的优势。