SoK：针对SDN-IoT网络中自主异常检测系统的深度学习方法的对抗性威胁的系统分析

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-09-19 DOI:10.1016/j.jisa.2025.104220

Tharindu Lakshan Yasarathna, Nhien-An Le-Khac

{"title":"SoK：针对SDN-IoT网络中自主异常检测系统的深度学习方法的对抗性威胁的系统分析","authors":"Tharindu Lakshan Yasarathna, Nhien-An Le-Khac","doi":"10.1016/j.jisa.2025.104220","DOIUrl":null,"url":null,"abstract":"<div><div>Integrating Software Defined Networking (SDN) and the Internet of Things (IoT) enhances network control and flexibility. Deep Learning (DL)-based Autonomous Anomaly Detection (AAD) systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses, significantly degrading detection accuracy. Existing research lacks a systematic analysis of adversarial vulnerabilities specific to DL-based AAD systems in SDN-IoT environments. This Systematisation of Knowledge (SoK) study introduces a structured adversarial threat model and a comprehensive taxonomy of attacks, categorising them into data-level, model-level, and hybrid threats. Unlike previous studies, we systematically evaluate white-box, black-box, and grey-box attack strategies across popular benchmark datasets (CICIDS2017, InSDN, and CICIoT2023). Our findings reveal that adversarial attacks can reduce detection accuracy by up to 48.4%, with Membership Inference causing the most significant drop. Carlini & Wagner and DeepFool achieve high evasion success rates. However, adversarial training enhances robustness, and its high computational overhead limits the real-time deployment of SDN-IoT applications. We propose adaptive countermeasures, including real-time adversarial mitigation, enhanced retraining mechanisms, and explainable AI-driven security frameworks. By integrating structured threat models, this study offers a more comprehensive approach to attack categorisation, impact assessment, and defence evaluation than previous research. Our work highlights critical vulnerabilities in existing DL-based AAD models and provides practical recommendations for improving resilience, interpretability, and computational efficiency. This study serves as a foundational reference for researchers and practitioners seeking to enhance DL-based AAD security in SDN-IoT networks, offering a systematic adversarial threat model and conceptual defence evaluation based on prior empirical studies.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104220"},"PeriodicalIF":3.7000,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SoK: Systematic analysis of adversarial threats against deep learning approaches for autonomous anomaly detection systems in SDN-IoT networks\",\"authors\":\"Tharindu Lakshan Yasarathna, Nhien-An Le-Khac\",\"doi\":\"10.1016/j.jisa.2025.104220\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Integrating Software Defined Networking (SDN) and the Internet of Things (IoT) enhances network control and flexibility. Deep Learning (DL)-based Autonomous Anomaly Detection (AAD) systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses, significantly degrading detection accuracy. Existing research lacks a systematic analysis of adversarial vulnerabilities specific to DL-based AAD systems in SDN-IoT environments. This Systematisation of Knowledge (SoK) study introduces a structured adversarial threat model and a comprehensive taxonomy of attacks, categorising them into data-level, model-level, and hybrid threats. Unlike previous studies, we systematically evaluate white-box, black-box, and grey-box attack strategies across popular benchmark datasets (CICIDS2017, InSDN, and CICIoT2023). Our findings reveal that adversarial attacks can reduce detection accuracy by up to 48.4%, with Membership Inference causing the most significant drop. Carlini & Wagner and DeepFool achieve high evasion success rates. However, adversarial training enhances robustness, and its high computational overhead limits the real-time deployment of SDN-IoT applications. We propose adaptive countermeasures, including real-time adversarial mitigation, enhanced retraining mechanisms, and explainable AI-driven security frameworks. By integrating structured threat models, this study offers a more comprehensive approach to attack categorisation, impact assessment, and defence evaluation than previous research. Our work highlights critical vulnerabilities in existing DL-based AAD models and provides practical recommendations for improving resilience, interpretability, and computational efficiency. This study serves as a foundational reference for researchers and practitioners seeking to enhance DL-based AAD security in SDN-IoT networks, offering a systematic adversarial threat model and conceptual defence evaluation based on prior empirical studies.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"94 \",\"pages\":\"Article 104220\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2025-09-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625002571\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625002571","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

将软件定义网络（SDN）与物联网（IoT）相结合，增强了网络的控制力和灵活性。基于深度学习（DL）的自主异常检测（AAD）系统通过在SDN-IoT网络中实现实时威胁检测来提高安全性。然而，这些系统仍然容易受到操纵输入数据或利用模型弱点的对抗性攻击，这大大降低了检测的准确性。现有研究缺乏对SDN-IoT环境中基于dl的AAD系统特有的对抗性漏洞的系统分析。这项知识系统化（SoK）研究引入了结构化的对抗性威胁模型和全面的攻击分类，将它们分为数据级、模型级和混合威胁。与之前的研究不同，我们系统地评估了流行基准数据集（CICIDS2017、InSDN和CICIoT2023）上的白盒、黑盒和灰盒攻击策略。我们的研究结果表明，对抗性攻击可以使检测准确率降低48.4%，其中成员推理导致的下降最为显著。Carlini &； Wagner和DeepFool实现了很高的逃避成功率。然而，对抗训练增强了鲁棒性，其高计算开销限制了SDN-IoT应用的实时部署。我们提出了自适应对策，包括实时对抗缓解、增强再培训机制和可解释的人工智能驱动的安全框架。通过整合结构化威胁模型，本研究提供了一种比以往研究更全面的攻击分类、影响评估和防御评估方法。我们的工作突出了现有基于dl的AAD模型中的关键漏洞，并为提高弹性、可解释性和计算效率提供了实用建议。本研究在前人实证研究的基础上，提出了系统的对抗性威胁模型和概念防御评估，可为SDN-IoT网络中基于dl的AAD安全性提升的研究人员和实践者提供基础参考。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SoK: Systematic analysis of adversarial threats against deep learning approaches for autonomous anomaly detection systems in SDN-IoT networks

Integrating Software Defined Networking (SDN) and the Internet of Things (IoT) enhances network control and flexibility. Deep Learning (DL)-based Autonomous Anomaly Detection (AAD) systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses, significantly degrading detection accuracy. Existing research lacks a systematic analysis of adversarial vulnerabilities specific to DL-based AAD systems in SDN-IoT environments. This Systematisation of Knowledge (SoK) study introduces a structured adversarial threat model and a comprehensive taxonomy of attacks, categorising them into data-level, model-level, and hybrid threats. Unlike previous studies, we systematically evaluate white-box, black-box, and grey-box attack strategies across popular benchmark datasets (CICIDS2017, InSDN, and CICIoT2023). Our findings reveal that adversarial attacks can reduce detection accuracy by up to 48.4%, with Membership Inference causing the most significant drop. Carlini & Wagner and DeepFool achieve high evasion success rates. However, adversarial training enhances robustness, and its high computational overhead limits the real-time deployment of SDN-IoT applications. We propose adaptive countermeasures, including real-time adversarial mitigation, enhanced retraining mechanisms, and explainable AI-driven security frameworks. By integrating structured threat models, this study offers a more comprehensive approach to attack categorisation, impact assessment, and defence evaluation than previous research. Our work highlights critical vulnerabilities in existing DL-based AAD models and provides practical recommendations for improving resilience, interpretability, and computational efficiency. This study serves as a foundational reference for researchers and practitioners seeking to enhance DL-based AAD security in SDN-IoT networks, offering a systematic adversarial threat model and conceptual defence evaluation based on prior empirical studies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.