Mitigating Adversarial Reconnaissance in IoT Anomaly Detection Systems: A Moving Target Defense Approach based on Reinforcement Learning




Adversarial Machine Learning, Anomaly detection systems, IoT security, Threat mitigation, Reinforcement Learning


The machine learning (ML) community has extensively studied adversarial threats to learning-based systems, emphasizing the need to address the potential compromise of anomaly-based intrusion detection systems (IDS) through adversarial attacks. Meanwhile, the use of moving target defense (MTD) mechanisms in Internet of Things (IoT) networks is a subject of ongoing research, with vast potential to equip IoT devices and networks with the ability to fend off cyber attacks despite their computational deficiencies. In this paper, we propose a game-theoretic model of MTD that makes the configuration and deployment of anomaly-based IDS more dynamic through diversification of feature training, in order to minimize successful reconnaissance on ML-based IDS. We then solve the MTD problem using a reinforcement learning method to generate the optimal shifting policy within the network without a prior network transition model. The state-of-the-art ToN-IoT dataset is investigated to assess the feasibility of implementing the feature-based MTD approach. The overall performance of the proposed MTD-based IDS is compared to that of a conventional IDS by analyzing the accuracy curve for varying attacker success rates. Our approach has proven effective in increasing the resilience of the IDS against adversarial learning.








How to Cite

A. Osei, Y. Al Mtawa, and T. Halabi, “Mitigating Adversarial Reconnaissance in IoT Anomaly Detection Systems: A Moving Target Defense Approach based on Reinforcement Learning”, EAI Endorsed Trans IoT, vol. 10, Jul. 2024.