Classification and Analysis of Adversarial Machine Learning Attacks in IoT: a Label Flipping Attack Case Study

Abstract

With the increased usage of Internet of Things (IoT) devices in recent years, various Machine Learning (ML) algorithms have also developed dramatically for attack detection in this domain. However, the ML models are exposed to different classes of adversarial attacks that aim to fool a model into making an incorrect prediction. For instance, label manipulation or label flipping is an adversarial attack where the adversary attempts to manipulate the label of training data that causes the trained model biased and/or with decreased performance. However, the number of samples to be flipped in this category of attack can be restricted, giving the attacker a limited target selection. Due to the great significance of securing ML models against Adversarial Machine Learning (AML) attacks particularly in the IoT domain, this research presents an extensive review of AML in IoT. Then, a classification of AML attacks is presented based on the literature which sheds light on the future research in this domain. Next, this paper investigates the negative impact levels of applying the malicious label-flipping attacks on IoT data. We devise label-flipping scenarios for training a Support Vector Machine (SVM) model. The experiments demonstrate that the label flipping attacks impact the performance of ML models. These results can lead to designing more effective and powerful attack and defense mechanisms in adversarial settings. Finally, we show the weaknesses of the K-NN defense method against the random label flipping attack.