pith. machine review for the scientific record.

arxiv: 2601.14505 · v2 · submitted 2026-01-20 · 💻 cs.CR · cs.LG

Uncovering and Understanding FPR Manipulation Attack in Industrial IoT Networks

Pith reviewed 2026-05-16 12:07 UTC · model grok-4.3

keywords: FPR manipulation attack · MQTT · industrial IoT · NIDS · adversarial attack · false positives · network security · IoT security

The pith

Benign IoT traffic can be turned into attacks for NIDS through simple MQTT-based packet perturbations with 80-100% success.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that machine learning-based network intrusion detection systems in industrial IoT are vulnerable to a new type of attack called FPR manipulation attack. This attack uses knowledge of the MQTT protocol to make small changes to benign packets so that they are labeled as malicious by the detection models. The changes are simple and do not require the usual complex adversarial techniques. If correct, this means that attackers can flood security teams with false alarms, delaying the response to real threats by as much as two hours in a single day. The authors also show how these same perturbed packets can be used to train more robust models.

Core claim

The paper uncovers the FPR manipulation attack (FPA) that specifically targets industrial IoT networks by exploiting domain knowledge of the MQTT protocol to perform systematic simple packet-level perturbations on benign traffic samples. These perturbations alter the labels assigned by NIDS models from benign to attack without using traditional gradient-based or non-gradient-based adversarial methods, achieving success rates between 80.19% and 100%. The work further demonstrates the impact on Security Operations Centers where small numbers of such false positives can delay genuine alert investigations by up to 2 hours daily, and uses statistical and explainable AI analyses to identify key 2-

What carries the argument

The FPR manipulation attack (FPA) using MQTT protocol domain knowledge for simple packet-level perturbations to flip benign traffic labels in NIDS models.

If this is right

  • Even a small fraction of false positive alerts from FPA can increase the delay of genuine alert investigations by up to 2 hours in a single day.
  • FPA packets can enhance NIDS model robustness when used in adversarial training.
  • Decision boundaries in the models shift when trained with FPA packets.
  • Statistical and XAI analyses identify key factors driving the high success rate of the attack.
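
The first consequence above, worked through as an added example (not code from the paper or from Pith): a first-come-first-served triage queue in which injected false positives push back genuine alerts. The alert spacing, triage times and analyst counts are constructed assumptions, not the paper's SOC model.

```python
"""Added example: how false-positive alerts delay genuine alert triage in a SOC.

Every number here (shift length, alert spacing, triage time, analyst count)
is a constructed assumption for illustration, not a value from the paper.
"""
import heapq
from typing import List, Tuple

# (arrival_minute, triage_minutes, is_genuine)
Alert = Tuple[float, float, bool]


def genuine_waits(alerts: List[Alert], analysts: int = 1) -> List[float]:
    """Serve alerts first-come-first-served and return the wait, in minutes,
    of every genuine alert. False positives consume analyst time as well,
    because they must be triaged before they can be dismissed."""
    if analysts < 1:
        raise ValueError("need at least one analyst")
    free_at = [0.0] * analysts  # min-heap of times each analyst is next free
    heapq.heapify(free_at)
    waits = []
    for arrival, triage, is_genuine in sorted(alerts, key=lambda a: a[0]):
        start = max(arrival, heapq.heappop(free_at))
        heapq.heappush(free_at, start + triage)
        if is_genuine:
            waits.append(start - arrival)
    return waits


def added_delay(genuine: List[Alert], false_positives: List[Alert],
                analysts: int = 1) -> float:
    """Total extra waiting (minutes) that genuine alerts accumulate once the
    false positives share the same queue."""
    baseline = sum(genuine_waits(genuine, analysts))
    attacked = sum(genuine_waits(genuine + false_positives, analysts))
    return attacked - baseline


def constructed_shift(shift_min: float = 480, gap: float = 12.0,
                      triage: float = 10.0) -> List[Alert]:
    """Constructed workload: one genuine alert every `gap` minutes."""
    return [(i * gap, triage, True) for i in range(int(shift_min // gap))]


def spread_false_positives(count: int, shift_min: float = 480,
                           triage: float = 10.0) -> List[Alert]:
    """Constructed false positives spread evenly across the shift."""
    step = shift_min / (count + 1)
    return [((k + 1) * step + 0.5, triage, False) for k in range(count)]


if __name__ == "__main__":
    shift = constructed_shift()
    print(f"{len(shift)} genuine alerts in a constructed 8 h shift")
    for n_fp in (0, 2, 4, 8):
        fps = spread_false_positives(n_fp)
        share = n_fp / (len(shift) + n_fp)
        one = added_delay(shift, fps, analysts=1)
        two = added_delay(shift, fps, analysts=2)
        print(f"{n_fp} false positives ({share:.1%} of alerts): "
              f"+{one:.0f} min with 1 analyst, +{two:.0f} min with 2")
```

Because the single analyst in this workload has only two spare minutes per alert, each ten-minute false positive is paid back slowly over the following genuine alerts; the added delay is driven by spare capacity, not by the false-positive share alone.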

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • This type of attack could potentially be adapted to other common IoT communication protocols besides MQTT.
  • Monitoring traffic for specific MQTT packet perturbation patterns might serve as an early detection method for such manipulations.
  • Testing the attack against a wider variety of NIDS architectures would clarify its generality in real industrial settings.

Load-bearing premise

The assumption that simple non-gradient MQTT-based packet perturbations can reliably flip the labels of benign traffic in real-world deployed NIDS models under industrial IoT conditions.

What would settle it

Running the perturbed packets through the NIDS models on independent industrial IoT datasets and checking if the misclassification success rate falls significantly below 80% or if the perturbations are flagged as anomalous by the system itself.

Figures

Figures reproduced from arXiv: 2601.14505 by Mohammad Shamim Ahsan, Peng Liu.

Figure 1: Threat model of FPR manipulation attack. (Footnote 1: In this work, we prefer to use the term “Server”, instead of “Broker”.)
A router acts as the gateway to forward each client’s MQTT network packets to the MQTT server and forward the response packets back to the client. From the perspective of network firewalls and DPI, this traffic is generally first inspected by a packet filtering device or tool before being handled…

Figure 3: Format of an MQTT CONNECT packet.
… a server with the ability to resume the previous session and store the current one based on the client identifier. However, the proposed attack works for either case, as it is independent of sessions (represented as ‘X’ in

Figure 2 illustrates an overview of the proposed FPR manipulation attack (FPA). Specifically, an attacker needs to perform the following two steps to carry out this attack. 1) Use a compromised IIoT device to establish an MQTT connection handshake by carefully sending a CONNECT packet. Before that, creating a TCP connection is required as MQTT operates over the TCP/IP stack. 2) Strategically craft the payload and…

Figure 4: Structure of a crafted MQTT PUBLISH packet

Figure 5: (a)-(b) Fixed budget, varying alert traffic intensity: (a) 1 h, (b) 1 day;

Figure 6: Illustration of different distance measures, specifically (a) Euclidean

Figure 7: First three Figures, (a) to (c), illustrate the machine learning model’s

Figure 8: Figure (a) shows the change in decision boundaries after retraining with

Figure 9: Events of the SOC during FPR manipulation attack

Figure 10: SHAP beeswarm summary plots of other machine learning-based

Figure 11: Confusion matrices for DCNNBiLSTM before (left) and after (right) adversarial training. Since the corresponding decision boundaries are already analyzed in § V, only the classes with significant deviations are shown. (Axes: Predicted Label, True Label; classes C0 to C14.)

Figure 12: Confusion matrices for CNN-LSTM-GRU before (left) and after (right) adversarial training. (Axes: Predicted Label, True Label; classes C0 to C14.)

Figure 13: Confusion matrices for SF-CNN-LSTM before (left) and after (right) adversarial training
Original abstract

In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks in machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of (maliciously) perturbed benign packets being misclassified as attack has been largely ignored. In this paper, we demonstrate that this is not only theoretically possible, but also a particular threat to NIDS. In particular, we uncover a practical cyberattack, FPR manipulation attack (FPA), especially targeting industrial IoT networks, where domain-specific knowledge of the widely used MQTT protocol is exploited and a systematic simple packet-level perturbation is performed to alter the labels of benign traffic samples without employing traditional gradient-based or non-gradient-based methods. The experimental evaluations demonstrate that this novel attack results in a success rate of 80.19% to 100%. In addition, while estimating impacts in the Security Operations Center, we observe that even a small fraction of false positive alerts, irrespective of different budget constraints and alert traffic intensities, can increase the delay of genuine alerts investigations up to 2 hr in a single day under normal operating conditions. Furthermore, a series of relevant statistical and XAI analyses is conducted to understand the key factors behind this remarkable success. Finally, we explore the effectiveness of the FPA packets to enhance models' robustness through adversarial training and investigate the changes in decision boundaries accordingly.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper claims to introduce the FPR Manipulation Attack (FPA), a practical cyberattack on machine learning-based NIDS in industrial IoT networks. It exploits domain knowledge of the MQTT protocol to apply simple, non-gradient packet-level perturbations to benign traffic samples, flipping their labels to attack without traditional adversarial methods. Experimental results report success rates of 80.19% to 100%, with additional analysis of SOC impacts (e.g., up to 2-hour delays in genuine alert investigations), statistical/XAI explanations of success factors, and evaluation of the perturbations for improving model robustness via adversarial training.

Significance. If the central experimental claims hold under scrutiny, the work would be significant for highlighting an under-explored attack vector in NIDS: manipulation of false positive rates via benign traffic perturbations rather than the conventional focus on misclassifying attacks as benign. The MQTT-specific, non-gradient approach offers a low-complexity threat model relevant to resource-constrained IoT deployments, and the SOC delay analysis provides a concrete operational impact metric. The robustness experiments could inform practical defenses if the perturbations prove stealthy.

major comments (3)
  1. [Experimental evaluations] Experimental evaluations section: The abstract and results report success rates of 80.19%–100% but provide no details on the specific NIDS models, datasets, exact MQTT packet perturbation parameters, statistical tests, or error bars. This leaves the central claim of reliable label flipping unverifiable and undermines reproducibility.
  2. [Experimental evaluations] Stealthiness and practicality assessment: The experiments measure only label-flip success on the target classifier but report no anomaly scores, feature distances, or evaluations against secondary detectors to confirm that perturbed packets reach the NIDS without being filtered. Without this, the high success rates may not translate to practical threats in deployed SOC pipelines.
  3. [SOC impact estimation] SOC impact analysis: The claim of up to 2-hour delays in genuine alert investigations from small fractions of false positives is presented without specifying the underlying alert traffic model, budget constraints, or simulation parameters, making it difficult to assess the quantitative validity of the operational impact.
minor comments (2)
  1. [Abstract] The abstract could include a short statement on the datasets or NIDS architectures used to give readers immediate context for the reported success rates.
  2. [Introduction] Notation for FPA and MQTT fields should be defined consistently on first use to improve readability for readers unfamiliar with industrial IoT protocols.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive comments, which help improve the clarity and reproducibility of our work. We address each major comment below and will revise the manuscript to incorporate additional details where needed.

  1. Referee: Experimental evaluations section: The abstract and results report success rates of 80.19%–100% but provide no details on the specific NIDS models, datasets, exact MQTT packet perturbation parameters, statistical tests, or error bars. This leaves the central claim of reliable label flipping unverifiable and undermines reproducibility.

    Authors: We agree that additional specifics are required for full reproducibility. In the revised manuscript, we will expand the Experimental Evaluations section to explicitly list the NIDS models (including their architectures and hyperparameters), the datasets used, the precise MQTT packet perturbation parameters (e.g., targeted fields and modification rules), and report results with statistical tests (e.g., t-tests) and error bars from repeated trials. revision: yes

  2. Referee: Stealthiness and practicality assessment: The experiments measure only label-flip success on the target classifier but report no anomaly scores, feature distances, or evaluations against secondary detectors to confirm that perturbed packets reach the NIDS without being filtered. Without this, the high success rates may not translate to practical threats in deployed SOC pipelines.

    Authors: We acknowledge the importance of demonstrating that perturbed packets remain stealthy in realistic pipelines. The revised version will include new analyses reporting anomaly scores from the primary NIDS, feature-space distances (e.g., Euclidean or Manhattan), and evaluations against secondary detectors or rule-based filters to confirm the perturbations can reach the classifier without being dropped. revision: yes

  3. Referee: SOC impact analysis: The claim of up to 2-hour delays in genuine alert investigations from small fractions of false positives is presented without specifying the underlying alert traffic model, budget constraints, or simulation parameters, making it difficult to assess the quantitative validity of the operational impact.

    Authors: We will revise the SOC impact section to fully specify the underlying model (e.g., queuing theory assumptions and arrival process), budget constraints (e.g., analyst capacity), and simulation parameters (e.g., number of Monte Carlo runs, traffic intensity values). This will allow readers to reproduce and evaluate the reported delay figures. revision: yes

Circularity Check

0 steps flagged

No circularity: attack success is measured experimentally, not derived by construction

The paper presents an experimental demonstration of the FPA attack on industrial IoT NIDS models using MQTT packet perturbations. Success rates (80.19%–100%) are reported as direct evaluation outcomes on traffic samples rather than quantities obtained by fitting parameters to a subset of data and then predicting related values, or by any self-referential definition. No equations, ansatzes, or uniqueness theorems are invoked in the provided text that reduce the central claim to its own inputs. The work is self-contained as an empirical attack study; the reported impacts on SOC alert delays are likewise observational. No load-bearing self-citations or renamings of known results appear in the derivation chain.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The claim rests primarily on domain assumptions about NIDS vulnerability to label flipping via protocol knowledge and the practicality of packet perturbations in real IoT traffic; no free parameters or invented entities are explicitly introduced in the abstract.

axioms (1)
  • domain assumption: Machine learning-based NIDS suffer from practical issues including imbalanced data and heterogeneous legitimate traffic that enable label alteration via simple perturbations
    Explicitly stated in the abstract as the prevailing belief that has ignored benign-to-attack misclassification.

pith-pipeline@v0.9.0 · 5556 in / 1273 out tokens · 36322 ms · 2026-05-16T12:07:37.744867+00:00 · methodology


  61. [61]

    Mahalanobis distance,

    G. J. McLachlan, “Mahalanobis distance,”Resonance, vol. 4, no. 6, pp. 20–26, 1999

  62. [62]

    A simple unified framework for detecting out-of-distribution samples and adversarial attacks,

    K. Lee, K. Lee, H. Lee, and J. Shin, “A simple unified framework for detecting out-of-distribution samples and adversarial attacks,”Advances in neural information processing systems, vol. 31, 2018

  63. [63]

    Learning a mahalanobis distance metric for data clustering and classification,

    S. Xiang, F. Nie, and C. Zhang, “Learning a mahalanobis distance metric for data clustering and classification,”Pattern recognition, vol. 41, no. 12, pp. 3600–3612, 2008

  64. [64]

    Goodfellow, Y

    I. Goodfellow, Y. Bengio, and A. Courville,Deep Learning. MIT Press, 2016, pp. 71–77. [Online]. Available: http://www.deeplearningbook.org

  65. [65]

    Visualizing data using t-SNE,

    L. v. d. Maaten and G. Hinton, “Visualizing data using t-SNE,”Journal of machine learning research, vol. 9, no. Nov, pp. 2579–2605, 2008

  66. [66]

    UMAP: Uniform Manifold Approximation and Projection for Dimension Reduction

    L. McInnes, J. Healy, and J. Melville, “UMAP: Uniform manifold approximation and projection for dimension reduction,”arXiv preprint arXiv:1802.03426, 2018

  67. [67]

    A unified approach to interpreting model predictions,

    S. M. Lundberg and S.-I. Lee, “A unified approach to interpreting model predictions,”Advances in neural information processing systems, vol. 30, 2017

  68. [68]

    Defending network intrusion detection systems against adversarial evasion attacks,

    M. Pawlicki, M. Chora ´s, and R. Kozik, “Defending network intrusion detection systems against adversarial evasion attacks,”Future Generation Computer Systems, vol. 110, pp. 148–154, 2020

  69. [69]

    Generative adversarial networks for launching and thwarting adversarial attacks on network intrusion detection systems,

    M. Usama, M. Asim, S. Latif, J. Qadiret al., “Generative adversarial networks for launching and thwarting adversarial attacks on network intrusion detection systems,” in2019 15th international wireless com- munications & mobile computing conference (IWCMC). IEEE, 2019, pp. 78–83

  70. [70]

    Adversarial training for free!

    A. Shafahi, M. Najibi, M. A. Ghiasi, Z. Xu, J. Dickerson, C. Studer, L. S. Davis, G. Taylor, and T. Goldstein, “Adversarial training for free!” Advances in neural information processing systems, vol. 32, 2019

  71. [71]

    Fast is better than free: Revisiting adversarial training,

    E. Wong, L. Rice, and J. Z. Kolter, “Fast is better than free: Revisiting adversarial training,”arXiv preprint arXiv:2001.03994, 2020

  72. [72]

    Principal component analysis: a review and recent developments,

    I. T. Jolliffe and J. Cadima, “Principal component analysis: a review and recent developments,”Philosophical transactions of the royal society A: Mathematical, Physical and Engineering Sciences, vol. 374, no. 2065, p. 20150202, 2016

  73. [73]

    Robust- ness may be at odds with accuracy,

    D. Tsipras, S. Santurkar, L. Engstrom, A. Turner, and A. Madry, “Robust- ness may be at odds with accuracy,”arXiv preprint arXiv:1805.12152, 2018

  74. [74]

    Recent advances in adversarial training for adversarial robustness,

    T. Bai, J. Luo, J. Zhao, B. Wen, and Q. Wang, “Recent advances in adversarial training for adversarial robustness,”arXiv preprint arXiv:2102.01356, 2021

  75. [75]

    Delving into Transferable Adversarial Examples and Black-box Attacks

    Y. Liu, X. Chen, C. Liu, and D. Song, “Delving into transfer- able adversarial examples and black-box attacks,”arXiv preprint arXiv:1611.02770, 2016

  76. [76]

    Towards evaluating the robustness of neural networks,

    N. Carlini and D. Wagner, “Towards evaluating the robustness of neural networks,” in2017 ieee symposium on security and privacy (sp). Ieee, 2017, pp. 39–57

  77. [77]

    Generating Adversarial Examples with Adversarial Networks

    C. Xiao, B. Li, J.-Y. Zhu, W. He, M. Liu, and D. Song, “Gener- ating adversarial examples with adversarial networks,”arXiv preprint arXiv:1801.02610, 2018

  78. [78]

    Generating adversarial malware examples for black- box attacks based on GAN,

    W. Hu and Y. Tan, “Generating adversarial malware examples for black- box attacks based on GAN,” inInternational Conference on Data Mining and Big Data. Springer, 2022, pp. 409–423

  79. [79]

    Robust Physical-World Attacks on Deep Learning Models

    I. Evtimov, K. Eykholt, E. Fernandes, T. Kohno, B. Li, A. Prakash, A. Rahmati, and D. Song, “Robust physical-world attacks on machine learning models,”arXiv preprint arXiv:1707.08945, vol. 2, no. 3, p. 4, 2017

  80. [80]

    Generic black-box end-to-end attack against state of the art API call based malware clas- sifiers,

    I. Rosenberg, A. Shabtai, L. Rokach, and Y. Elovici, “Generic black-box end-to-end attack against state of the art API call based malware clas- sifiers,” inInternational Symposium on Research in Attacks, Intrusions, and Defenses. Springer, 2018, pp. 490–510

Showing first 80 references.