Detecting Poisoning Attacks on Machine Learning in IoT Environments

Machine Learning (ML) plays an increasing role in Internet of Things (IoT), both in the Cloud and at the Edge, using trained models for applications from factory automation to environmental sensing. However, using ML in IoT environments presents unique security challenges. In particular, adversaries can manipulate the training data by tampering with sensors' measurements. This type of attack, known as a poisoning attack has been shown to significantly decrease overall performance, cause targeted misclassification or bad behavior, and insert "backdoors" and "neural trojans". Taking advantage of recently developed tamper-free provenance frameworks, we present a methodology that uses contextual information about the origin and transformation of data points in the training set to identify poisonous data. Our approach works with or without a trusted test data set. Using the proposed approach poisoning attacks can be effectively detected and mitigated in IoT environments with reliable provenance information.