Self-Probing One-Class IDS: Calibrated Rejection via Internal Adversarial Stress Tests

For OCC IDS (autoencoders, one-class SVMs), attach a lightweight adversarial probing module. Given an input, run fast local projected attacks in feature space to find the minimal perturbation that flips the model from “in-class” to “out-of-class” (or vice versa). Use this minimal budget as a rejection score; low budgets indicate fragility and trigger abstention or secondary screening. During training, perform self-probing to shape the latent manifold (e.g., margin enlargement, feature mixing) and calibrate thresholds. Sorensen et al. (SATC 2025) show OCC models are highly vulnerable to evasion, but defenses often rely on adversarial training with labeled attacks or heavy ensembles. This approach is label-free, per-sample, and uses adversarial deviation as a decision-margin estimator—closer to Van Tuinen et al.’s discrepancy idea but adapted to one-class anomaly detection. It complements techniques like Gaussian noise injection and margin enlargement seen in Zhang & Sikdar (2024) with an online, adaptive rejection layer. Fits the surveys’ call for scalable, real-time defenses and standardized metrics (e.g., “minimal adversarial budget” per sample). Also aligns with Wu et al. (2023) life-cycle defense taxonomy: training-time margin shaping and inference-time abstention. OCC settings lack labels by design; self-probing creates a data-driven, local notion of robustness. It is architecture-agnostic and deployable on resource-constrained IoT devices with small PGD steps. Impact: A practical path to harden OCC-based IoT IDS against evasion while maintaining low false positives—turning adversarial testing into an operational safety valve.

References:

1. Adversarial Evasion Attacks on OCC-Based Machine Learning Intrusion Detection Systems in the Internet of Things. David Lykke Sorensen, Mohamed Baza, Mahmoud M. Badr, Tara Salman, Amar Rasheed (2025). 2025 1st International Conference on Secure IoT, Assured and Trusted Computing (SATC).
2. Defenses in Adversarial Machine Learning: A Survey. Baoyuan Wu, Shaokui Wei, Mingli Zhu, Meixi Zheng, Zihao Zhu, Mingda Zhang, Hongrui Chen, Danni Yuan, Li Liu, Qingshan Liu (2023). arXiv.org.
3. Novel Adversarial Defense Techniques for White-Box Attacks. Jason Van Tuinen, A. Ranganath, G. Konjevod, Mukesh Singhal, Roummel F. Marcia (2022). International Conference on Machine Learning and Applications.
4. A Novel Adversarial FDI Attack and Defense Mechanism for Smart Grid Demand-Response Mechanisms. Guihai Zhang, Biplab Sikdar (2024). IEEE Transactions on Industrial Cyber-Physical Systems.