Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Adversarial Robustness of Traffic Classification under Resource Constraints: Input Structure Matters

Adel Chehade, Edoardo Ragusa, Paolo Gastaldo, Rodolfo Zunino

TL;DR

This work tackles secure traffic classification on edge devices by leveraging hardware-aware neural architecture search (HW-NAS) to produce compact models under strict resource limits. It systematically compares two input representations—flattened byte sequences and 2D packet-wise time-series—to study how input structure influences adversarial vulnerability under FGSM and PGD, followed by adversarial fine-tuning as a defensive measure. The study shows that the flat-byte input is generally more robust than the time-series form under perturbations, and that adversarial training can markedly improve robustness while preserving edge-friendly efficiency. The resulting architectures achieve high clean-data accuracy within tight budgets and are suitable for deployment on IoT and embedded edge platforms, highlighting practical strategies for robust edge TC.

Abstract

Traffic classification (TC) plays a critical role in cybersecurity, particularly in IoT and embedded contexts, where inspection must often occur locally under tight hardware constraints. We use hardware-aware neural architecture search (HW-NAS) to derive lightweight TC models that are accurate, efficient, and deployable on edge platforms. Two input formats are considered: a flattened byte sequence and a 2D packet-wise time series; we examine how input structure affects adversarial vulnerability when using resource-constrained models. Robustness is assessed against white-box attacks, specifically Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD). On USTC-TFC2016, both HW-NAS models achieve over 99% clean-data accuracy while remaining within 65k parameters and 2M FLOPs. Yet under perturbations of strength 0.1, their robustness diverges: the flat model retains over 85% accuracy, while the time-series variant drops below 35%. Adversarial fine-tuning delivers robust gains, with flat-input accuracy exceeding 96% and the time-series variant recovering over 60 percentage points in robustness, all without compromising efficiency. The results underscore how input structure influences adversarial vulnerability, and show that even compact, resource-efficient models can attain strong robustness, supporting their practical deployment in secure edge-based TC.

Adversarial Robustness of Traffic Classification under Resource Constraints: Input Structure Matters

TL;DR

This work tackles secure traffic classification on edge devices by leveraging hardware-aware neural architecture search (HW-NAS) to produce compact models under strict resource limits. It systematically compares two input representations—flattened byte sequences and 2D packet-wise time-series—to study how input structure influences adversarial vulnerability under FGSM and PGD, followed by adversarial fine-tuning as a defensive measure. The study shows that the flat-byte input is generally more robust than the time-series form under perturbations, and that adversarial training can markedly improve robustness while preserving edge-friendly efficiency. The resulting architectures achieve high clean-data accuracy within tight budgets and are suitable for deployment on IoT and embedded edge platforms, highlighting practical strategies for robust edge TC.

Abstract

Traffic classification (TC) plays a critical role in cybersecurity, particularly in IoT and embedded contexts, where inspection must often occur locally under tight hardware constraints. We use hardware-aware neural architecture search (HW-NAS) to derive lightweight TC models that are accurate, efficient, and deployable on edge platforms. Two input formats are considered: a flattened byte sequence and a 2D packet-wise time series; we examine how input structure affects adversarial vulnerability when using resource-constrained models. Robustness is assessed against white-box attacks, specifically Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD). On USTC-TFC2016, both HW-NAS models achieve over 99% clean-data accuracy while remaining within 65k parameters and 2M FLOPs. Yet under perturbations of strength 0.1, their robustness diverges: the flat model retains over 85% accuracy, while the time-series variant drops below 35%. Adversarial fine-tuning delivers robust gains, with flat-input accuracy exceeding 96% and the time-series variant recovering over 60 percentage points in robustness, all without compromising efficiency. The results underscore how input structure influences adversarial vulnerability, and show that even compact, resource-efficient models can attain strong robustness, supporting their practical deployment in secure edge-based TC.

Paper Structure

This paper contains 25 sections, 3 equations, 1 figure, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Traffic Classification and Input Representations
  4. Neural Architecture Search under Hardware Constraints
  5. Adversarial Robustness in Traffic Classification
  6. Methodology
  7. Input Representation
  8. Designing Compact Models under Hardware Constraints
  9. Designing Compact Models under Hardware Constraints
  10. Problem Formulation
  11. Search Space and Architecture Design
  12. Evolutionary NAS Algorithm
  13. Post-Hoc Robustness Analysis
  14. White-Box Adversarial Evaluation
  15. Fine-Tuning as Defensive Adaptation
  16. ...and 10 more sections

Figures (1)

  • Figure 1: Performance metrics comparison on USTC-TFC2016.