With the proliferation of IoT devices, researchers have developed a variety of IoT device identification methods with the assistance of machine learning. Nevertheless, the security of these identification methods mostly depends on the collected training data. In this research, we propose a novel attack strategy named IoTGAN to manipulate an IoT device's traffic such that it can evade machine learning based IoT device identification. In the development of IoTGAN, we face two major technical challenges: (i) how to obtain the discriminative model in a black-box setting, and (ii) how to add perturbations to IoT traffic through the manipulative model, so as to evade the identification while not influencing the functionality of IoT devices. To address these challenges, a neural network based substitute model is used to fit the target model in black-box settings; it works as the discriminative model in IoTGAN. A manipulative model is trained to add adversarial perturbations to the IoT device's traffic to evade the substitute model. Experimental results show that IoTGAN can successfully achieve the attack goals. We also develop efficient countermeasures to protect machine learning based IoT device identification from being undermined by IoTGAN.