Xiaohui Li;Yuanyuan Li;Zhentian Zhong;Linfeng Tan;Junfeng Wang;Jiayong Liu
DOI: 10.1109/JIOT.2025.3582147
Journal: IEEE Internet of Things Journal, vol. 12, no. 17, pp. 36488-36501
Publication date: 2025-06-23
Publication type: Journal Article
URL: https://ieeexplore.ieee.org/document/11047539/
Impact factor: 8.9; JCR: Q1 (Computer Science, Information Systems)
Citation count: 0; open access: no
Perturbation-Resilient for Temporal-Camouflaged IoT Attacks
The growing adoption of Internet of Things (IoT) devices has introduced significant challenges to network security due to their heterogeneous nature and temporal pattern vulnerabilities. Among the emerging threats, adversarial attacks targeting IoT network traffic have gained attention for their ability to evade traditional and machine learning (ML)-based network intrusion detection systems (NIDS). While prior work has focused on static adversarial perturbations, these approaches fail to account for the temporal dynamics inherent in IoT traffic. IoT networks exhibit time-dependent patterns driven by device behavior, environmental factors and user interactions, creating an opportunity for more sophisticated adversarial strategies. This article introduces a co-evolutionary adversarial framework termed dynamic adversarial temporal-camouflaged perturbation (ATCP) for IoT network attack traffic. ATCP dynamically segments network traffic into temporal intervals and applies targeted adversarial perturbations to each segment. By leveraging the temporal characteristics of IoT traffic, the proposed method generates subtle yet effective adversarial modifications that confuse NIDS by disrupting their ability to model time-dependent traffic patterns. Unlike static perturbation methods, ATCP provides valuable insights into adversarial attack methodologies, lays the foundation for developing more robust IoT security frameworks, and adapts to evolving traffic dynamics, making it a more effective and robust NIDS in real-world scenarios. Extensive experiments conducted on real-world IoT network datasets demonstrate that the proposed method achieves high evasion rates against ML-based NIDS while preserving the functional integrity of IoT communications. Notably, among the four NIDS evaluated, KitNET experiences the most significant degradation, with its detection rate dropping from 93.07% to 18.55% after applying ATCP. Furthermore, ATCP exhibits strong adaptability across diverse IoT device types and network configurations, highlighting its generalizability.
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.