Adversarial Attacks on AI-Based Botnet Detection Systems in IoT: Key Threats and Countermeasures
DOI:
https://doi.org/10.65204/djes.v3i2.490Abstract
Artificial Intelligence (AI) models are critical for detecting advanced Internet of Things (IoT) botnets. However, these systems are highly vulnerable to Adversarial Machine Learning (AML), where malicious inputs are crafted to cause misclassification (e.g., identifying malicious traffic as benign), posing a systemic threat to IoT security. This systematic literature review (SLR) addresses the persistent "reality gap" between theoretical AML research, often derived from computer vision, and the practical, domain-specific constraints of network security.
This paper synthesizes research from 2020–2025, providing comprehensive taxonomies of: (RQ1) targeted AI models, from traditional ML to modern Federated Learning (FL) frameworks; (RQ2) attack methodologies, highlighting the shift from feature-space (e.g., PGD) to realistic problem-space attacks (e.g., binary diversification, XAI-based attacks); (RQ3) proactive (e.g., Adversarial Training) and reactive defense strategies; and (RQ4) evaluation frameworks, critiquing the use of outdated datasets.
Finally, (RQ5) we analyze open challenges, focusing on the IoT resource-constraint dilemma—where effective defenses like Adversarial Training are too computationally expensive for edge devices —and performance trade-offs. We conclude by outlining future directions, emphasizing the need for constraint-aware defenses, secure FL, and leveraging Generative AI.
References
M. Lefoane, I. Ghafir, S. Kabir, and I.-U. Awan, “Internet of Things botnets: A survey on Artificial Intelligence based detection techniques,” J. Netw. Comput. Appl., vol. 236, p. 104110, 2025.
S. Szymoniak, J. Piątkowski, and M. Kurkowski, “Defense and Security Mechanisms in the Internet of Things: A Review,” Appl. Sci., vol. 15, no. 2, p. 499, Jan. 2025.
R. Anne W, G. Kirubavathi, and U. K. Sridevi, “Detection of IoT Botnet using Machine learning and Deep learning Techniques,” Research Square, Mar. 2023.
M. S. Mohammed and H. A. T. Alothman, “Using Machine Learning Algorithms in Intrusion Detection Systems: A Review,” Tikrit Journal of Pure Science, vol. 29, no. 3, pp. 63–74, Jun. 2024.
M. Ahmed and Q. Abdullah, “Network Intrusion Detection Systems: Machine Learning-Based Attack and Remedy Strategies - A Review,” Al-Salam Journal for Engineering and Technology, vol. 4, no. 2, pp. 11–29, 2025.
Y. L. Khaleel, M. A. Habeeb, and H. Alnabulsi, “Adversarial Attacks in Machine Learning: Key Insights and Defense Approaches,” Applied Data Science and Analysis, vol. 2024, pp. 121–147, Aug. 2024.
P. M. Sánchez Sánchez, A. Huertas Celdrán, G. Bovet, and G. Martínez Pérez, “Adversarial attacks and defenses on ML- and hardware-based IoT device fingerprinting and identification,” Future Gener. Comput. Syst., vol. 152, pp. 30–42, 2024.
F. Aloraini, A. Javed, O. Rana, and P. Burnap, “Adversarial machine learning in IoT from an insider point of view,” J. Inf. Secur. Appl., vol. 70, p. 103341, 2022.
O. Ibitoye, O. Shafiq, and A. Matrawy, “Analyzing Adversarial Attacks Against Deep Learning for Intrusion Detection in IoT Networks,” arXiv preprint arXiv:1905.05137v1, May 2019.
A. T. Olutimehin et al., “Adversarial Threats to AI-Driven Systems: Exploring the Attack Surface of Machine Learning Models and Countermeasures,” J. Eng. Res. Rep., vol. 27, no. 2, pp. 341–362, 2025.
S. Sharma and Z. Chen, “A Systematic Study of Adversarial Attacks Against Network Intrusion Detection Systems,” Electronics, vol. 13, no. 24, p. 5030, 2024.
A. Namvar, “Adversarial Machine Learning in IoT: Vulnerability Analysis and Robustness,” Ph.D. Thesis, School of Computer Science and Engineering, The University of New South Wales, Oct. 2023.
H. Mohammadian, A. H. Lashkari, and A. A. Ghorbani, “Evaluating Deep Learning-based NIDS in Adversarial Settings,” in Proc. 9th International Conference on Computer and Knowledge Engineering (ICCKE), 2022.
Y. Wang et al., “Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey,” arXiv preprint arXiv:2303.06302v1, Mar. 2023.
G.-Y. Lin, P.-Y. Wang, S.-M. Cheng, and H.-M. Lee, “Improving Robustness in IoT Malware Detection through Execution Order Analysis,” ACM Trans. Embed. Comput. Syst., Aug. 2024. doi: 10.1145/3684278.
F. R. Mughal et al., “Adaptive federated learning for resource-constrained IoT devices through edge intelligence and multi-edge clustering,” Sci. Rep., vol. 13, no. 1, p. 20038, 2023.
Z. Feng, “Federated Learning Security Threats and Defense Approaches,” in Proc. 2023 2nd International Conference on Computer Science and Innovative Computations (CSIC), Highlights in Science, Engineering and Technology, vol. 85, pp. 120–127, 2024.
A. Goel, A. Sharma, and D. Kejriwal, “IoT Device Authentication Using Adversarial Machine Learning,” Journal of Advances in Developmental Research (IJAIDR), vol. 15, no. 12, Sep. 2024.
A. Vassilev, A. Oprea, A. Fordyce, and H. Anderson, “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations,” NIST AI 100-2e2023, U.S. Department of Commerce, Jan. 2024.
A. Chakraborty, M. Alam, V. Dey, A. Chattopadhyay, and D. Mukhopadhyay, “A survey on adversarial attacks and defences,” CAAI Trans. Intell. Technol., vol. 6, no. 1, pp. 25–45, 2021.
J. C. Costa, T. Roxo, H. Proença, and P. R. M. Inácio, “How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses,” arXiv preprint arXiv:2305.10862v1, May 2023.
J. Sándor, R. Nagy, and L. Buttyán, “Increasing the Robustness of a Machine Learning-based IoT Malware Detection Method with Adversarial Training,” in Proc. 2023 ACM Workshop on Wireless Security and Machine Learning (WiseML '23), Guildford, United Kingdom, Jun. 2023.
M. M. Alani, A. Mashatan, and A. Miri, “Adversarial Explainability: Utilizing Explainable Machine Learning in Bypassing IoT Botnet Detection Systems,” arXiv preprint arXiv:2310.00070v1, Sep. 2023.
A. Abomakhelb, K. A. Jalil, A. G. Buja, A. Alhammadi, and A. M. Alenezi, “A Comprehensive Review of Adversarial Attacks and Defense Strategies in Deep Neural Networks,” Technologies, vol. 13, no. 5, p. 202, May 2025.
R. H. Randhawa, N. Aslam, M. Alauthman, H. Rafiq, and F. Comeau, “Security Hardening of Botnet Detectors Using Generative Adversarial Networks,” IEEE Access, vol. 9, pp. 78278–78294, 2021.
N. Capuano, G. Fenza, V. Loia, and C. Stanzione, “Explainable Artificial Intelligence in CyberSecurity: A Survey,” IEEE Access, vol. 10, pp. 93575–93600, 2022.
M. M. Hasan, R. Islam, Q. Mamun, M. Z. Islam, and J. Gaob, “Adversarial Attacks on Deep Learning-based Network Intrusion Detection Systems: A Taxonomy and Review,” SSRN Electronic Journal, 2024. [Online]. Available: https://ssrn.com/abstract=4863302
S. Ankalaki et al., “Cyber Attack Prediction: From Traditional Machine Learning to Generative Artificial Intelligence,” IEEE Access, vol. 13, pp. 28863–28877, 2025.
K. Barik and S. Misra, “A comprehensive defense approach of deep learning-based NIDS against adversarial attacks,” Multimed. Tools Appl., vol. 84, pp. 37745–37791, 2025.
M. B. Mwangi and S.-M. Cheng, “An Adversarial Attack on ML-Based IoT Malware Detection Using Binary Diversification Techniques,” IEEE Access, vol. 12, pp. 170940–170953, 2024.
G. Apruzzese, M. Colajanni, and M. Marchetti, “Evaluating the effectiveness of Adversarial Attacks against Botnet Detectors,” in Proc. 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), Cambridge, MA, USA, 2019.
J. Malik, R. Muthalagu, and P. M. Pawar, “A Systematic Review of Adversarial Machine Learning Attacks, Defensive Controls, and Technologies,” IEEE Access, vol. 12, pp. 99402–99422, 2024.
I. Debicha, J.-M. Dricot, and B. Piètu, “Adversarial Training for Deep Learning-based Intrusion Detection Systems,” in Proc. The Sixteenth International Conference on Systems (ICONS 2021), 2021, pp. 40–45.
E. Sanchez, L. Clark, S. Ramirez, A. Lewis, A. Robinson, and D. Esther, “Adversarial Attacks and Defenses in IoT Networks,” Article, Nov. 2024. [Online]. Available: https://www.researchgate.net/publication/391270645
V. A. Memos and K. E. Psannis, “AI-powered Honeypots for Enhanced IoT Botnet Detection,” Presentation at 3rd World Symposium on Communication Engineering (WSCE), Oct. 2020.
V. P. Singh, R. Kumari, and M. Kaur, “Machine Learning for Intrusion Detection System in IoT Environment with Permutation Importance,” in Proc. 1st International Conference on AI, IoT, and Next Generation Technologies (ICAINGT 2024), 2024, CEUR-WS.org, Vol-3774, Paper 2.
K. S. Prasad et al., “A two-tier optimization strategy for feature selection in robust adversarial attack mitigation on internet of things network security,” Sci. Rep., vol. 15, no. 1, p. 2235, 2025.
Malik, Jasmita et al. “A Systematic Review of Adversarial Machine Learning Attacks, Defensive Controls, and Technologies.” IEEE Access 12 (2024): 99382-99421.
A Comprehensive Review of Learning-Based Anomaly Detection Techniques in IoT Security Systems”, East Journal of Computer Science, vol. 1, no. 4, pp. 18–27, Sep. 2025.
N. Hasan, Z. Chen, C. Zhao, Y. Zhu, and S. M. R. Islam, “IoT Botnet Detection framework from Network Behavior based on Extreme Learning Machine,” in Proc. IEEE INFOCOM 2022 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2022.
J. Vitorino, I. Praça, and E. Maia, “Towards adversarial realism and robust learning for IoT intrusion detection and classification,” Ann. Telecommun., vol. 78, pp. 401–412, 2023.
Z. Iqbal, A. Imran, A. U. Yasin, and A. Alvi, “Denial of Service (DoS) Defences against Adversarial Attacks in IoT Smart Home Networks using Machine Learning Methods,” NUST Journal of Engineering Sciences, vol. 15, no. 1, pp. 19–25, 2022.
Aparcana-Tasayco, A.J., Deng, X. & Park, J.H. A systematic review of anomaly detection in IoT security: towards quantum machine learning approach. EPJ Quantum Technol. 12, 112 (2025).
M. M. Hasan, R. Islam, Q. Mamun, M. Z. Islam, and J. Gao, “Adversarial Attacks on Deep Learning-based Network Intrusion Detection Systems: A Taxonomy and Review,” SSRN Electronic Journal, 2024. [Online]. Available.
T. Al-Shurbaji et al., "Deep Learning-Based Intrusion Detection System for Detecting IoT Botnet Attacks: A Review," in IEEE Access, vol. 13, pp. 11792-11822, 2025.
S. Kumar and S. Soni, “Botnet Attack Prevention in Internet of Things (IOT) devices Using AI: A Systematic Review,” International Journal of Computer Science Trends and Technology (IJCST), vol. 13, no. 2, pp. 67–78, 2025.
