Adversarial Robustness of Traffic Classification under Resource Constraints: Input Structure Matters

TL;DR

This paper investigates how input data structure affects the adversarial robustness of lightweight traffic classification models on resource-constrained edge devices, demonstrating that input format significantly impacts vulnerability and robustness.

Contribution

It introduces hardware-aware neural architecture search for designing efficient, robust traffic classifiers and highlights the importance of input structure in adversarial vulnerability.

Findings

Flat input models retain higher accuracy under attack.

Time-series input models are more vulnerable to adversarial perturbations.

Adversarial fine-tuning improves robustness significantly.

Abstract

Traffic classification (TC) plays a critical role in cybersecurity, particularly in IoT and embedded contexts, where inspection must often occur locally under tight hardware constraints. We use hardware-aware neural architecture search (HW-NAS) to derive lightweight TC models that are accurate, efficient, and deployable on edge platforms. Two input formats are considered: a flattened byte sequence and a 2D packet-wise time series; we examine how input structure affects adversarial vulnerability when using resource-constrained models. Robustness is assessed against white-box attacks, specifically Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD). On USTC-TFC2016, both HW-NAS models achieve over 99% clean-data accuracy while remaining within 65k parameters and 2M FLOPs. Yet under perturbations of strength 0.1, their robustness diverges: the flat model retains over 85% accuracy, while the time-series variant drops below 35%. Adversarial fine-tuning delivers robust gains, with flat-input accuracy exceeding 96% and the time-series variant recovering over 60 percentage points in robustness, all without compromising efficiency. The results underscore how input structure influences adversarial vulnerability, and show that even compact, resource-efficient models can attain strong robustness, supporting their practical deployment in secure edge-based TC.