Table of Contents
Fetching ...

Uncovering and Understanding FPR Manipulation Attack in Industrial IoT Networks

Mohammad Shamim Ahsan, Peng Liu

TL;DR

This work reveals a practical FPR manipulation attack (FPA) against ML-based NIDS in Industrial IoT by crafting benign MQTT PUBLISH packets that mislead detectors without relying on gradient-based methods. It leverages domain-specific MQTT knowledge to perturb protocol fields while preserving validity, achieving ASR of 80.19%–100% and causing meaningful SOC delays, even under normal operation. The authors provide a comprehensive evaluation on the Edge-IIoTset and analyze the attack with XAI tools such as SHAP, t-SNE, and UMAP, showing distributional shifts and feature-level drivers. They also explore adversarial training as a defense, finding that while FPA can be mitigated, per-class detection performance and data representations can degrade, highlighting a critical trade-off and the need for robust defenses in IIoT NIDS.

Abstract

In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks in machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of (maliciously) perturbed benign packets being misclassified as attack has been largely ignored. In this paper, we demonstrate that this is not only theoretically possible, but also a particular threat to NIDS. In particular, we uncover a practical cyberattack, FPR manipulation attack (FPA), especially targeting industrial IoT networks, where domain-specific knowledge of the widely used MQTT protocol is exploited and a systematic simple packet-level perturbation is performed to alter the labels of benign traffic samples without employing traditional gradient-based or non-gradient-based methods. The experimental evaluations demonstrate that this novel attack results in a success rate of 80.19% to 100%. In addition, while estimating impacts in the Security Operations Center, we observe that even a small fraction of false positive alerts, irrespective of different budget constraints and alert traffic intensities, can increase the delay of genuine alerts investigations up to 2 hr in a single day under normal operating conditions. Furthermore, a series of relevant statistical and XAI analyses is conducted to understand the key factors behind this remarkable success. Finally, we explore the effectiveness of the FPA packets to enhance models' robustness through adversarial training and investigate the changes in decision boundaries accordingly.

Uncovering and Understanding FPR Manipulation Attack in Industrial IoT Networks

TL;DR

This work reveals a practical FPR manipulation attack (FPA) against ML-based NIDS in Industrial IoT by crafting benign MQTT PUBLISH packets that mislead detectors without relying on gradient-based methods. It leverages domain-specific MQTT knowledge to perturb protocol fields while preserving validity, achieving ASR of 80.19%–100% and causing meaningful SOC delays, even under normal operation. The authors provide a comprehensive evaluation on the Edge-IIoTset and analyze the attack with XAI tools such as SHAP, t-SNE, and UMAP, showing distributional shifts and feature-level drivers. They also explore adversarial training as a defense, finding that while FPA can be mitigated, per-class detection performance and data representations can degrade, highlighting a critical trade-off and the need for robust defenses in IIoT NIDS.

Abstract

In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks in machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of (maliciously) perturbed benign packets being misclassified as attack has been largely ignored. In this paper, we demonstrate that this is not only theoretically possible, but also a particular threat to NIDS. In particular, we uncover a practical cyberattack, FPR manipulation attack (FPA), especially targeting industrial IoT networks, where domain-specific knowledge of the widely used MQTT protocol is exploited and a systematic simple packet-level perturbation is performed to alter the labels of benign traffic samples without employing traditional gradient-based or non-gradient-based methods. The experimental evaluations demonstrate that this novel attack results in a success rate of 80.19% to 100%. In addition, while estimating impacts in the Security Operations Center, we observe that even a small fraction of false positive alerts, irrespective of different budget constraints and alert traffic intensities, can increase the delay of genuine alerts investigations up to 2 hr in a single day under normal operating conditions. Furthermore, a series of relevant statistical and XAI analyses is conducted to understand the key factors behind this remarkable success. Finally, we explore the effectiveness of the FPA packets to enhance models' robustness through adversarial training and investigate the changes in decision boundaries accordingly.
Paper Structure (18 sections, 2 equations, 13 figures, 9 tables)

This paper contains 18 sections, 2 equations, 13 figures, 9 tables.

Figures (13)

  • Figure 1: Threat model of FPR manipulation attack
  • Figure 2: Overview of FPR manipulation attack
  • Figure 3: Format of an MQTT CONNECT packet
  • Figure 4: Structure of a crafted MQTT PUBLISH packet
  • Figure 5: (a)-(b) Fixed budget, varying alert traffic intensity: (a) 1 h, (b) 1 day; (c)-(d) Varying budget, fixed alert traffic intensity: (c) 1 h, (d) 1 day
  • ...and 8 more figures