SoK: Systematic analysis of adversarial threats against deep learning approaches for autonomous anomaly detection systems in SDN-IoT networks
Tharindu Lakshan Yasarathna, Nhien-An Le-Khac
Published on arXiv: 2509.26350
Input Manipulation Attack (OWASP ML Top 10 — ML01)
Data Poisoning Attack (OWASP ML Top 10 — ML02)
Membership Inference Attack (OWASP ML Top 10 — ML04)
Key Finding
Adversarial attacks reduce DL-based anomaly detection accuracy by up to 48.4%, with Membership Inference causing the largest drop, while adversarial training improves robustness at prohibitive computational cost for real-time SDN-IoT deployment.
Integrating software-defined networking (SDN) and the Internet of Things (IoT) enhances network control and flexibility. Deep learning (DL)-based autonomous anomaly detection (AAD) systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses, significantly degrading detection accuracy. Existing research lacks a systematic analysis of adversarial vulnerabilities specific to DL-based AAD systems in SDN-IoT environments. This SoK study introduces a structured adversarial threat model and a comprehensive taxonomy of attacks, categorising them into data, model, and hybrid-level threats. Unlike previous studies, we systematically evaluate white-, black-, and grey-box attack strategies across popular benchmark datasets. Our findings reveal that adversarial attacks can reduce detection accuracy by up to 48.4%, with Membership Inference causing the most significant drop. C&W and DeepFool achieve high evasion success rates. Adversarial training enhances robustness, but its high computational overhead limits the real-time deployment of SDN-IoT applications. We propose adaptive countermeasures, including real-time adversarial mitigation, enhanced retraining mechanisms, and explainable AI-driven security frameworks. By integrating structured threat models, this study offers a more comprehensive approach to attack categorisation, impact assessment, and defence evaluation than previous research. Our work highlights critical vulnerabilities in existing DL-based AAD models and provides practical recommendations for improving resilience, interpretability, and computational efficiency. This study serves as a foundational reference for researchers and practitioners seeking to enhance DL-based AAD security in SDN-IoT networks, offering a systematic adversarial threat model and conceptual defence evaluation based on prior empirical studies.
Key Contributions
- Structured adversarial threat model and comprehensive taxonomy categorizing attacks into data, model, and hybrid-level threats for DL-based AAD systems in SDN-IoT
- Systematic comparative evaluation of white-, black-, and grey-box attack strategies (C&W, DeepFool, MIA) across popular benchmark datasets
- Proposed adaptive countermeasures, including real-time adversarial mitigation, enhanced retraining mechanisms, and explainable AI-driven security frameworks
🛡️ Threat Analysis
- Input Manipulation Attack (ML01): Explicitly evaluates inference-time input manipulation attacks, including C&W and DeepFool, which achieve high evasion success rates against DL-based anomaly detectors.
- Data Poisoning Attack (ML02): Taxonomy explicitly categorizes data-level threats, including training data poisoning attacks against the anomaly detection models.
- Membership Inference Attack (ML04): Membership inference is explicitly evaluated and identified as the most damaging attack, reducing detection accuracy by up to 48.4%.