Malicious Attack Defense in Human-to-Machine Applications Through Concept Drift Adaptation

Journal article, 2025

The operational security of latency-sensitive networked applications is increasingly threatened by evolving malicious attacks that compromise operational integrity and network performance. Human-to-machine (H2M) applications, which rely on seamless bidirectional control signals and haptic feedback transmission, exemplify such latency-sensitive use cases. Existing learning-based malicious attack detection frameworks suffer from their reliance on pre-trained datasets, making machine learning models within them ineffective against previously unseen attack patterns. As attack profiles dynamically evolve, static models become obsolete, necessitating adaptive mechanisms to maintain detection accuracy. In this context, concept drift adaptation will serve as a critical tool for enabling models to continuously adjust to changing traffic distributions and emerging attack patterns. However, real-world H2M applications lack access to accurately labeled malicious traffic data, making real-time adaptation of defense mechanisms infeasible. To address these challenges, we propose a Concept Drift Adaptation-facilitated malicious attack Defense framework (CDAD). Firstly, CDAD employs Adaptive Random Forest as an incremental learning approach, integrating an error-rate-based concept drift detection mechanism to dynamically identify evolving attack patterns and trigger adaptive model updates. Secondly, a haptic behavior classifier is introduced to classify expected human operator interactions and compare them with real-time haptic feedback from remote machines. This enables automated traffic relabeling, allowing CDAD to adapt to previously unseen attacks without relying on pre-labeled datasets. The superior performance of CDAD over existing state-of-the-art methods is demonstrated across various malicious attack scenarios through extensive simulations. Results show that with CDAD, the attack success rate can be limited to 3%, while maintaining an inference time below 1ms, thereby ensuring effective and efficient malicious attack defense in latency-sensitive H2M applications.