Adversarial Machine Learning Defense in IoT Ecosystems

Abstract

The rapid expansion of Internet of Things (IoT) devices across consumer, industrial, and critical‑infrastructure domains has delivered unprecedented connectivity and automation. Yet this proliferation has also exposed a pressing security challenge: adversarial machine learning (AML) attacks that exploit subtle input perturbations to mislead or disable embedded intelligence. Such attacks—from single‑step perturbations like the Fast Gradient Sign Method (FGSM) to iterative optimization methods such as Projected Gradient Descent (PGD) and the Carlini & Wagner (C&W) attack—can have severe consequences in IoT contexts, ranging from false alarms in safety‑critical sensors to manipulated decisions in autonomous systems. Traditional AML defenses, while effective in large‑scale datacenter environments, often impose prohibitive computational or latency overheads for resource‑constrained IoT endpoints. In this work, we present a hybrid defense framework specifically tailored to the constrained and heterogeneous nature of IoT ecosystems. Our approach integrates three complementary techniques: (1) adversarial training, which augments the model’s decision boundary by including adversarial examples during offline retraining; (2) randomized smoothing, which adds certified robustness guarantees by averaging predictions over noise‑perturbed inputs at inference time; and (3) feature squeezing, a lightweight preprocessing step that reduces input complexity via bit‑depth reduction and median filtering. By strategically offloading the more intensive randomized smoothing to gateway or cloud nodes, while retaining feature squeezing for on‑device filtering, we achieve a balanced trade‑off between robustness and real‑time responsiveness.