Adversarial Attacks on Time-Series Intrusion Detection for Industrial Control Systems

Abstract: Neural networks are increasingly used for intrusion detection on industrial control systems (ICS). With neural networks being vulnerable to adversarial examples, attackers who wish to cause damage to an ICS can attempt to hide their attacks from detection by using adversarial example techniques. In this work we address the domain specific challenges of constructing such attacks against autoregressive based intrusion detection systems (IDS) in a ICS setting.We model an attacker that can compromise a subset of s… Show more

“…Accordingly, Logistic Regression (LR), Linear Discriminant Analysis (LDA), k-nearest neighbours (KNN), Naïve Bayes (NB), Support Vector Machine (SVM), and Classificationand Regression Tree (CART) are reported by [8]; one-class Support Vector Machines (SVM) and Deep Neural Networks (DNN) are reported by [9]. Similarly, Multi-layer Perceptron (MLP), Convolutional Neural Network (CNN), and Recurrent Neural Network (RNN) are reported by [10]; Long Short-term Memory (LSTM) is reported by [11]. Thus, to have an comprehensive overview of the existing methods, in this paper, we will evaluate our solution and the those reference solutions in terms of detection performance.…”

“…In this experiment scenario, we will study the performance of FedeX in comparison with 14 other reference solutions comprehensively, including: machine-learning reference methods is reported by [8], namely LR, LDA, KNN, CART, NB, and SVM; SVM and DNN reported by [9]; MLP, CNN, and RNN reported by [10]; LSTM reported by [11]; MADICS [12] based on LSTM, 1D-CNN [13], and LAD-ADS [14] using the rule-based method. Our experiments are run with 2 cases: with the SCADA liquid storage infrastructure dataset [27]), and (2) with the well-known SWaT dataset [22].…”

Federated Learning-Based Explainable Anomaly Detection for Industrial Control Systems

“…Accordingly, Logistic Regression (LR), Linear Discriminant Analysis (LDA), k-nearest neighbours (KNN), Naïve Bayes (NB), Support Vector Machine (SVM), and Classificationand Regression Tree (CART) are reported by [8]; one-class Support Vector Machines (SVM) and Deep Neural Networks (DNN) are reported by [9]. Similarly, Multi-layer Perceptron (MLP), Convolutional Neural Network (CNN), and Recurrent Neural Network (RNN) are reported by [10]; Long Short-term Memory (LSTM) is reported by [11]. Thus, to have an comprehensive overview of the existing methods, in this paper, we will evaluate our solution and the those reference solutions in terms of detection performance.…”

“…In this experiment scenario, we will study the performance of FedeX in comparison with 14 other reference solutions comprehensively, including: machine-learning reference methods is reported by [8], namely LR, LDA, KNN, CART, NB, and SVM; SVM and DNN reported by [9]; MLP, CNN, and RNN reported by [10]; LSTM reported by [11]; MADICS [12] based on LSTM, 1D-CNN [13], and LAD-ADS [14] using the rule-based method. Our experiments are run with 2 cases: with the SCADA liquid storage infrastructure dataset [27]), and (2) with the well-known SWaT dataset [22].…”

Federated Learning-Based Explainable Anomaly Detection for Industrial Control Systems

“…Neural networks (NN) exhibit impressive performance and are now being assisted in many different areas such as medical diagnosis, computer vision, autonomous driving, and cyber attack detection. In particular, these technologies have been introduced to monitor and detect possible incoming cyber attacks that target Industrial Control Systems (ICS), a subset of cyber-physical systems (CPS) [11,12,14,28,29,34,53,52,55,56,18,23,25,40]. Defending these systems is extremely important, since ICSs are central to many areas of industry, energy production, and critical infrastructure, and they are exposed to external threats as they need to be remotely accessible by operators.…”

“…* Corresponding author moshekr@post.bgu.ac.il (M. Kravchik); luca.demetrio93@unica.it (L. Demetrio); battista.biggio@unica.it (B. Biggio); shabtaia@bgu.ac.il (A. Shabtai) ORCID(s): 0000-0001-8171-3755 (M. Kravchik); 0000-0001-7752-509X (L. Demetrio); 0000-0001-7752-509X (B. Biggio); 0000-0003-0630-4059 (A. Shabtai) nipulating input samples that are misclassified by the target model [11,56,29]. In the context of threat detectors, this is equivalent to bypass detection, with the subsequent success of the intended attack against the victim.…”

“…With online training, the model is periodically trained with new data collected from the protected system to accommodate for the concept drift. It was demonstrated in [56] on two public datasets collected from the same testbed at two different times, that over time such drift can be significant enough to render the detector trained on the old data useless. The problem was addressed by the detector's retraining with the new data.…”

Practical Evaluation of Poisoning Attacks on Online Anomaly Detectors in Industrial Control Systems

Perspectives from a Comprehensive Evaluation of Reconstruction-based Anomaly Detection in Industrial Control Systems