The Internet of Things (IoT) faces tremendous security challenges. Machine learning models can be used to tackle the growing number of cyber-attack variations targeting IoT systems, but the increasing threat posed by adversarial attacks restates the need for reliable defense strategies. This work describes the types of constraints required for a realistic adversarial cyber-attack example and proposes a methodology for a trustworthy adversarial robustness analysis with a realistic adversarial evasion attack vector. The proposed methodology was used to evaluate three supervised algorithms, Random Forest (RF), Extreme Gradient Boosting (XGB), and Light Gradient Boosting Machine (LGBM), and one unsupervised algorithm, Isolation Forest (IFOR). Constrained adversarial examples were generated with the Adaptative Perturbation Pattern Method (A2PM), and evasion attacks were performed against models created with regular and adversarial training. Even though RF was the least affected in binary classification, XGB consistently achieved the highest accuracy in multi-class classification. The obtained results evidence the inherent susceptibility of tree-based algorithms and ensembles to adversarial evasion attacks and demonstrates the benefits of adversarial training and a security by design approach for a more robust IoT network intrusion detection and cyber-attack classification.

翻译：物联网（IoT）面临严峻的安全挑战。机器学习模型可用于应对针对物联网系统日益增长的网络攻击变种，但对抗性攻击带来的威胁加剧了对可靠防御策略的需求。本文阐述了构建真实对抗性网络攻击示例所必需的条件约束，并提出了一种基于真实对抗性规避攻击向量的可信对抗鲁棒性分析方法。该方法被用于评估三种监督算法——随机森林（RF）、极端梯度提升（XGB）和轻量梯度提升机（LGBM），以及一种无监督算法——孤立森林（IFOR）。通过自适应扰动模式方法（A2PM）生成受限对抗示例，并对采用常规训练和对抗训练构建的模型实施规避攻击。结果表明，在二分类任务中RF受影响最小，而XGB在多分类任务中始终取得最高准确率。实验结果揭示了基于树结构的算法与集成方法对对抗性规避攻击的固有脆弱性，同时证明了对抗训练与安全设计方法在增强物联网网络入侵检测与网络攻击分类鲁棒性方面的有效性。