The Internet of Things (IoT) faces tremendous security challenges. Machine learning models can be used to tackle the growing number of cyber-attack variations targeting IoT systems, but the increasing threat posed by adversarial attacks restates the need for reliable defense strategies. This work describes the types of constraints required for a realistic adversarial cyber-attack example and proposes a methodology for a trustworthy adversarial robustness analysis with a realistic adversarial evasion attack vector. The proposed methodology was used to evaluate three supervised algorithms, Random Forest (RF), Extreme Gradient Boosting (XGB), and Light Gradient Boosting Machine (LGBM), and one unsupervised algorithm, Isolation Forest (IFOR). Constrained adversarial examples were generated with the Adaptative Perturbation Pattern Method (A2PM), and evasion attacks were performed against models created with regular and adversarial training. Even though RF was the least affected in binary classification, XGB consistently achieved the highest accuracy in multi-class classification. The obtained results evidence the inherent susceptibility of tree-based algorithms and ensembles to adversarial evasion attacks and demonstrates the benefits of adversarial training and a security by design approach for a more robust IoT network intrusion detection and cyber-attack classification.

翻译：物联网（IoT）面临巨大的安全挑战。机器学习模型可用于应对针对物联网系统日益增多的网络攻击变种，但对抗性攻击构成的持续威胁重申了对可靠防御策略的需求。本文描述了现实对抗性网络攻击示例所需的各种约束类型，并提出了一种基于现实对抗逃避攻击向量的可信对抗鲁棒性分析方法。该方法被用于评估三种监督学习算法——随机森林（RF）、极端梯度提升（XGB）和轻量梯度提升机（LGBM），以及一种无监督算法——孤立森林（IFOR）。通过自适应扰动模式方法（A²PM）生成受约束的对抗性示例，并对采用常规训练和对抗训练构建的模型实施逃避攻击。尽管RF在二分类中受影响最小，但XGB在多分类中始终达到最高准确率。所得结果揭示了基于树的算法与集成方法对对抗逃避攻击的固有脆弱性，并证明了对抗训练及安全设计方法对于实现更鲁棒的物联网网络入侵检测与网络攻击分类的益处。