Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Xu Wan,Lanting Zeng,Mingyang Sun

DOI: https://doi.org/10.24963/ijcai.2022/549

2022-01-01

Abstract:Decarbonization of global power systems significantly increases the operational uncertainty and modeling complexity that drive the necessity of widely exploiting cutting-edge Deep Reinforcement Learning (DRL) technologies to realize adaptive and real-time emergency control, which is the last resort for system stability and resiliency. The vulnerability of the DRL-based emergency control scheme may lead to severe real-world security issues if it can not be fully explored before implementing it practically. To this end, this is the first work that comprehensively investigates adversarial attacks and defense mechanisms for DRL-based power system emergency control. In particular, recovery-targeted (RT) adversarial attacks are designed for gradient-based approaches, aiming to dramatically degrade the effectiveness of the conducted emergency control actions to prevent the system from restoring to a stable state. Furthermore, the corresponding robust defense (RD) mechanisms are proposed to actively modify the observations based on the distances of sequential states. Experiments are conducted based on the standard IEEE reliability test system, and the results show that security risks indeed exist in the state-of-the-art DRL-based power system emergency control models. The effectiveness, stealthiness, instantaneity, and transferability of the proposed attacks and defense mechanisms are demonstrated with both white-box and black-box settings.

Zhenqin Yin,Yue Zhuo,Zhiqiang Ge

DOI: https://doi.org/10.1016/j.ress.2023.109299

IF: 7.247

2023-01-01

Reliability Engineering & System Safety

Abstract:As indispensable parts of industrial production control, data-driven industrial intelligent systems (IIS) achieve efficient executions of significant tasks such as fault classification (FC), fault detection (FD), and soft sensing (SS). Recently, machine learning models have been proven vulnerable to adversarial attacks, where the transfer-based attacks provide highly feasible attacks on systems in real-world black-box scenarios. In this paper, to study the practical security risks of IIS, we investigate transferable adversarial attacks from: (1) showing the existence of transferable adversarial examples across different industrial tasks; (2) exploring factors (e.g., data feature, model structure, and attack method) affecting transferability under multi-scenarios; (3) proposing a new method to enhance the transferability; (4) providing guidelines on practical system deployments to defend against transferable adversarial threats. The attacks demonstrate generality on two types of datasets, Tennessee Eastman industrial process (TEP) and WM-811K wafer map dataset, and the experiment results show that: (1) transfer is asymmetric and complex models are relatively stable with low sample transferability; (2) iterative and single-step methods have opposite performance characteristics under the intra-and cross-task transfer; (3) overfitting of optimization methods leads to weak transferability; (4) smoothing gradients and widening intermediate layer perturbations are effective directions for improving transferability.

Cheng Feng,Tingting Li,Zhanxing Zhu,Deeph Chana

DOI: https://doi.org/10.48550/arXiv.1709.06397

2017-09-19

Cryptography and Security

Abstract:Industrial control systems (ICS), which in many cases are components of critical national infrastructure, are increasingly being connected to other networks and the wider internet motivated by factors such as enhanced operational functionality and improved efficiency. However, set in this context, it is easy to see that the cyber attack surface of these systems is expanding, making it more important than ever that innovative solutions for securing ICS be developed and that the limitations of these solutions are well understood. The development of anomaly based intrusion detection techniques has provided capability for protecting ICS from the serious physical damage that cyber breaches are capable of delivering to them by monitoring sensor and control signals for abnormal activity. Recently, the use of so-called stealthy attacks has been demonstrated where the injection of false sensor measurements can be used to mimic normal control system signals, thereby defeating anomaly detectors whilst still delivering attack objectives. In this paper we define a deep learning-based framework which allows an attacker to conduct stealthy attacks with minimal a-priori knowledge of the target ICS. Specifically, we show that by intercepting the sensor and/or control signals in an ICS for a period of time, a malicious program is able to automatically learn to generate high-quality stealthy attacks which can achieve specific attack goals whilst bypassing a black box anomaly detector. Furthermore, we demonstrate the effectiveness of our framework for conducting stealthy attacks using two real-world ICS case studies. We contend that our results motivate greater attention on this area by the security community as we demonstrate that currently assumed barriers for the successful execution of such attacks are relaxed.

John Mern,Kyle Hatch,Ryan Silva,Cameron Hickert,Tamim Sookoor,Mykel J. Kochenderfer

DOI: https://doi.org/10.48550/arXiv.2111.02445

2021-11-03

Cryptography and Security

Abstract:Defending computer networks from cyber attack requires timely responses to alerts and threat intelligence. Decisions about how to respond involve coordinating actions across multiple nodes based on imperfect indicators of compromise while minimizing disruptions to network operations. Currently, playbooks are used to automate portions of a response process, but often leave complex decision-making to a human analyst. In this work, we present a deep reinforcement learning approach to autonomous response and recovery in large industrial control networks. We propose an attention-based neural architecture that is flexible to the size of the network under protection. To train and evaluate the autonomous defender agent, we present an industrial control network simulation environment suitable for reinforcement learning. Experiments show that the learned agent can effectively mitigate advanced attacks that progress with few observable signals over several months before execution. The proposed deep reinforcement learning approach outperforms a fully automated playbook method in simulation, taking less disruptive actions while also defending more nodes on the network. The learned policy is also more robust to changes in attacker behavior than playbook approaches.

Jiming Chen,Xiangshan Gao,Ruilong Deng,Yang He,Chongrong Fang,Peng Cheng

DOI: https://doi.org/10.1109/tdsc.2020.3037500

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Deploying machine learning (ML)-based intrusion detection systems (IDS) is an effective way to improve the security of industrial control systems (ICS). However, ML models themselves are vulnerable to adversarial examples, generated by deliberately adding subtle perturbation to the input sample that some people are not aware of, causing the model to give a false output with high confidence. In this article, our goal is to investigate the possibility of stealthy cyber attacks towards IDS, including injection attack, function code attack and reconnaissance attack, and enhance its robustness to adversarial attack. However, adversarial algorithms are subject to communication protocol and legal range of data in ICS, unlike only limited by the distance between original samples and newly generated samples in image domain. We propose two strategies - optimal solution attack and GAN attack - oriented to flexibility and volume of data, formulating an optimization problem to find stealthy attacks, where the former is appropriate for not too large and more flexible samples while the latter provides a more efficient solution for larger and not too flexible samples. Finally, we conduct experiments on a semi-physical ICS testbed with a high detection performance ensemble ML-based detector to show the effectiveness of our attacks. The results indicate that new samples of reconnaissance and function code attack produced by both optimal solution and GAN algorithm possess 80 percent higher probability to evade the detector, still maintaining the same attack effect. In the meantime, we adopt adversarial training as a method to defend against adversarial attack. After training on the mixture of orginal dataset and newly generated samples, the detector becomes more robust to adversarial examples.

Guo-Qiang Zeng,Jun-Min Shao,Kang-Di Lu,Guang-Gang Geng,Jian Weng

DOI: https://doi.org/10.1049/csy2.12117

2024-01-01

IET Cyber-Systems and Robotics

Abstract:With the development of deep learning and federated learning (FL), federated intrusion detection systems (IDSs) based on deep learning have played a significant role in securing industrial control systems (ICSs). However, adversarial attacks on ICSs may compromise the ability of deep learning‐based IDSs to accurately detect cyberattacks, leading to serious consequences. Moreover, in the process of generating adversarial samples, the selection of replacement models lacks an effective method, which may not fully expose the vulnerabilities of the models. The authors first propose an automated FL‐based method to generate adversarial samples in ICSs, called AFL‐GAS, which uses the principle of transfer attack and fully considers the importance of replacement models during the process of adversarial sample generation. In the proposed AFL‐GAS method, a lightweight neural architecture search method is developed to find the optimised replacement model composed of a combination of four lightweight basic blocks. Then, to enhance the adversarial robustness, the authors propose a multi‐objective neural architecture search‐based IDS method against adversarial attacks in ICSs, called MoNAS‐IDSAA, by considering both classification performance on regular samples and adversarial robustness simultaneously. The experimental results on three widely used intrusion detection datasets in ICSs, such as secure water treatment (SWaT), Water Distribution, and Power System Attack, demonstrate that the proposed AFL‐GAS method has obvious advantages in evasion rate and lightweight compared with other four methods. Besides, the proposed MoNAS‐IDSAA method not only has a better classification performance, but also has obvious advantages in model adversarial robustness compared with one manually designed federated adversarial learning‐based IDS method.

Xiangyin Kong,Zhiqiang Ge

DOI: https://doi.org/10.1109/tii.2021.3093386

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Neural-network-based soft sensors are widely employed in the industrial process. Such models have great significance to smart manufacturing. Considering the strict requirements of industrial production, it is vital to ensure the safety and robustness of these models in their actual deployment. However, recent research has shown that neural networks are quite vulnerable to adversarial attacks. By imposing tiny perturbation to the original sample, the fabricated adversarial sample can cheat these models to make wrong decisions. Such a phenomenon may bring serious trouble to the practical application of soft sensors. This article focuses on the adversarial attacks on industrial soft sensors. For the first time, we verify and analyze the effectiveness and deficiencies of the existing attack methods in the industrial soft sensor scenario. Based on solving these defects, this article proposes a novel perspective for attacking soft sensors. We analyze the optimization mechanism behind this new idea and then design two algorithms to perform attacks. The proposed methods more conform to the actual situation. Besides, compared with the existing approaches, the proposed methods have potentials to cause severer damages since their attacks are not only more concealed but also more likely to cheat the technicians to execute wrong operations. The research and analyses of the proposed methods lay a solid foundation for more thorough defenses against various attacks, which is quite necessary for making the deployed soft sensors more robust and secure.

Eirini Anthi,Lowri Williams,Matilda Rhode,Pete Burnap,Adam Wedgbury

DOI: https://doi.org/10.48550/arXiv.2004.05005

2020-04-10

Abstract:The proliferation and application of machine learning based Intrusion Detection Systems (IDS) have allowed for more flexibility and efficiency in the automated detection of cyber attacks in Industrial Control Systems (ICS). However, the introduction of such IDSs has also created an additional attack vector; the learning models may also be subject to cyber attacks, otherwise referred to as Adversarial Machine Learning (AML). Such attacks may have severe consequences in ICS systems, as adversaries could potentially bypass the IDS. This could lead to delayed attack detection which may result in infrastructure damages, financial loss, and even loss of life. This paper explores how adversarial learning can be used to target supervised models by generating adversarial samples using the Jacobian-based Saliency Map attack and exploring classification behaviours. The analysis also includes the exploration of how such samples can support the robustness of supervised models using adversarial training. An authentic power system dataset was used to support the experiments presented herein. Overall, the classification performance of two widely used classifiers, Random Forest and J48, decreased by 16 and 20 percentage points when adversarial samples were present. Their performances improved following adversarial training, demonstrating their robustness towards such attacks.

Machine Learning,Cryptography and Security,Signal Processing

Yang Li,Quan Pan,Erik Cambria

DOI: https://doi.org/10.48550/arXiv.2205.00807

2022-05-02

Abstract:Recent adversarial attack developments have made reinforcement learning more vulnerable, and different approaches exist to deploy attacks against it, where the key is how to choose the right timing of the attack. Some work tries to design an attack evaluation function to select critical points that will be attacked if the value is greater than a certain threshold. This approach makes it difficult to find the right place to deploy an attack without considering the long-term impact. In addition, there is a lack of appropriate indicators of assessment during attacks. To make the attacks more intelligent as well as to remedy the existing problems, we propose the reinforcement learning-based attacking framework by considering the effectiveness and stealthy spontaneously, while we also propose a new metric to evaluate the performance of the attack model in these two aspects. Experimental results show the effectiveness of our proposed model and the goodness of our proposed evaluation metric. Furthermore, we validate the transferability of the model, and also its robustness under the adversarial training.

Machine Learning,Artificial Intelligence,Cryptography and Security,Computers and Society

Jiadai Wang,Jiajia Liu,Hongzhi Guo,Bomin Mao

DOI: https://doi.org/10.1109/tii.2021.3128581

IF: 12.3

2022-06-01

IEEE Transactions on Industrial Informatics

Abstract:The development of software-defined industrial networks (SDIN) promotes the programmability and customizability of the industrial networks and is suitable to cope with the challenges brought by new manufacturing modes. For building more scalable and reliable SDIN, a distributed control plane with multicontroller collaboration becomes a promising option. However, as the brain of SDIN, the security of the distributed control plane is rarely considered. In addition to suffering direct attacks, each controller is also subjected to attacks propagated by other controllers because of information sharing or management domain takeover, resulting in the spread of attacks in a wider range than a single controller. Therefore, in this article, we study attacks against SDIN with distributed control plane, demonstrate their propagation across multiple controllers, and analyze their impacts. To the best of our knowledge, we are the first to study the security of SDIN with distributed control plane. In addition, since the existing defense mechanisms are not specifically designed for distributed SDIN and cannot defend it perfectly, we propose an attack mitigation scheme based on deep reinforcement learning to adaptively prevent the spread of attacks. Specifically, the novelty of our scheme lies in its ability of learning from the environment and flexibly adjusting the switch takeover decisions to isolate the attack source, so as to tolerate attacks and enhance the resilience of SDIN.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Chengwei Wu,Wei Pan,Rick Staa,Jianxing Liu,Guanghui Sun,Ligang Wu

DOI: https://doi.org/10.1016/j.automatica.2023.110999

IF: 6.4

2023-01-01

Automatica

Abstract:This paper investigates the deep reinforcement learning based secure control problem for cyber–physical systems (CPS) under false data injection attacks. We describe the CPS under attacks as a Markov decision process (MDP), based on which the secure controller design for CPS under attacks is formulated as an action policy learning using data. Rendering the soft actor–critic learning algorithm, a Lyapunov-based soft actor–critic learning algorithm is proposed to offline train a secure policy for CPS under attacks. Different from the existing results, not only the convergence of the learning algorithm but the stability of the system using the learned policy is proved, which is quite important for security and stability-critical applications. Finally, both a satellite attitude control system and a robot arm system are used to show the effectiveness of the proposed scheme, and comparisons between the proposed learning algorithm and the classical PD controller are also provided to demonstrate the advantages of the control algorithm designed in this paper.

Mariam Ibrahim,Ruba Elhafiz

DOI: https://doi.org/10.3390/pr12040801

IF: 3.5

2024-04-17

Processes

Abstract:Industrial control systems are often used to assist and manage an industrial operation. These systems' weaknesses in the various hierarchical structures of the system components and communication backbones make them vulnerable to cyberattacks that jeopardize their security. In this paper, the security of these systems is studied by employing a reinforcement learning extended attack graph to efficiently reveal the subsystems' flaws. Specifically, an attack graph that mimics the environment is constructed for the system using the state–action–reward–state–action technique, in which the agent is regarded as the attacker. Attackers may cause the greatest amount of system damage with the fewest possible actions if they have the highest cumulative reward. The worst-case assault scheme with a total reward of 42.9 was successfully shown in the results, and the most badly affected subsystems were recognized.

engineering, chemical

Zhenze Liu,Chunyang Wang,Weiping Wang

DOI: https://doi.org/10.1155/2022/2280871

IF: 1.43

2022-07-08

Mathematical Problems in Engineering

Abstract:In the open network environment, industrial control systems face huge security risks and are often subject to network attacks. The existing abnormal detection methods of industrial control networks have the problem of a low intelligence degree of adaptive detection and recognition. To overcome this problem, this article makes full use of the advantages of deep reinforcement learning in decision-making and builds a learning system with continuous learning ability. Specifically, industrial control network and deep reinforcement learning characteristics are applied to design a unique reward and learning mechanism. Moreover, an industrial control anomaly detection system based on deep reinforcement learning is constructed. Finally, we verify the algorithm on the gas pipeline industrial control dataset of Mississippi State University. The experimental results show that the convergence rate of this model is significantly higher than that of traditional deep learning methods. More importantly, this model can get a higher F1 score.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Mariam Elnour,Mohammad Noorizadeh,Mohammad Shakerpour,Nader Meskin,Khaled Khan,Raj Jain

DOI: https://doi.org/10.1109/access.2023.3303015

IF: 3.9

2023-08-22

IEEE Access

Abstract:In light of the advancement of the technologies used in industrial control systems, securing their operation has become crucial, primarily since their activity is consistently associated with integral elements related to the environment, the safety and health of people, the economy, and many others. This work presents a distributed, machine learning based attack detection and mitigation framework for sensor false data injection cyber-physical attacks in industrial control systems. It is developed using the system's standard operational data and validated using a hybrid testbed of a reverse osmosis plant. A MATLAB/Simulink-based simulation model of the process validated with actual data from a local plant is used. The control system is implemented using Siemens S7-1200 programmable logic controllers with 200SP Distributed Input/Output modules. The proposed solution can be adopted in the existing industrial control systems and demonstrated effective performance in real-time detection and mitigation of actual cyber-physical attacks launched by compromising the communication links between the process and the programmable logic controllers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Frantzy Mesadieu,Damiano Torre,Anitha Chennameneni

DOI: https://doi.org/10.1109/access.2024.3390722

IF: 3.9

2024-05-10

IEEE Access

Abstract:The prevalence of cyber-attacks perpetrated over the last two decades, including coordinated attempts to breach targeted organizations, has drastically and systematically exposed some of the more critical vulnerabilities existing in our cyber ecosystem. Particularly in Supervisory Control and Data Acquisition (SCADA) systems with targeted attacks aiming to bypass signature-based protocols, attempting to gain control over operational processes. In the past, researchers utilized deep learning and reinforcement learning algorithms to mitigate threats against industrial control systems (ICS). However, as technology evolves, these techniques become ineffective in monitoring and enhancing the cybersecurity defenses of those system against unwanted attacks. To address these concerns, we propose a deep reinforcement learning (DRL) framework for anomaly detection in the SCADA network. Our model utilizes a "Q-network", which allows it to achieve state-of-the-art performance in pattern recognition from complex tasks. We validated our solution on two publicly available datasets. The WUSTL-IIoT-2018 and the WUSTL-IIoT-2021, each comprised of twenty-five networking features representing benign and attack traffic. The results obtained shows that our model successfully achieved an accuracy of 99.36% in attack detection, highlighting DRL's potential to enhance the security of critical infrastructure and laying the foundation for future research in this domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Hu,Yuyan Sun,Youcheng Wang,Zhiliang Wang

DOI: https://doi.org/10.1109/access.2019.2949645

IF: 3.9

2019-01-01

IEEE Access

Abstract:Industrial Control Systems (ICS) play a very important role in national critical infrastructures. However, the growing interaction between the modern ICS and the Internet has made ICS more vulnerable to cyber attacks. In order to protect ICS from malicious attacks, intrusion detection technology emerges. By analyzing the network meta data or the industrial process data, Intrusion Detection Systems (IDS) can identify attacks that violate communication protocols or system specifications. However, the existing intrusion detection technology is not omnipotent, which opens up a back door for some more advanced attacks. In this work, we design an enhanced multi-stage semantic attack against ICS, which is undetectable by existing IDS. By hijacking the communication channels between the Human Machine Interface (HMI) and the remote Programmable Logic Controllers (PLCs), the attacker can manipulate the measurement data and control instructions simultaneously. The fake measurement data deceives the human operator into making wrong decisions. Furthermore, the attacker can strategically manipulate the semantic meaning of control instructions according to system state transition rules. In the meanwhile, a fake view of measurement data is presented to the HMI to conceal the on-going malicious attack. This attack is totally stealthy since the message sizes and timing, the command sequences, and the system state values are all legitimate. Consequently, this attack can secretly bring the system into critical states. Experimental results have verified the strong attack ability of the proposed attack.

Yi Li,Jing Lin,Kaiqi Xiong

DOI: https://doi.org/10.48550/arXiv.2008.11278

2020-08-30

Abstract:In a modern vehicle, there are over seventy Electronics Control Units (ECUs). For an in-vehicle network, ECUs communicate with each other by following a standard communication protocol, such as Controller Area Network (CAN). However, an attacker can easily access the in-vehicle network to compromise ECUs through a WLAN or Bluetooth. Though there are various deep learning (DL) methods suggested for securing in-vehicle networks, recent studies on adversarial examples have shown that attackers can easily fool DL models. In this research, we further explore adversarial examples in an in-vehicle network. We first discover and implement two adversarial attack models that are harmful to a Long Short Term Memory (LSTM)-based detection model used in the in-vehicle network. Then, we propose an Adversarial Attack Defending System (AADS) for securing an in-vehicle network. Specifically, we focus on brake-related ECUs in an in-vehicle network. Our experimental results demonstrate that adversaries can easily attack the LSTM-based detection model with a success rate of over 98%, and the proposed AADS achieves over 99% accuracy for detecting adversarial attacks.

Machine Learning,Cryptography and Security

Han Qiu,Tian Dong,Tianwei Zhang,Jialiang Lu,Gerard Memmi,Meikang Qiu

DOI: https://doi.org/10.1109/jiot.2020.3048038

IF: 10.6

2021-07-01

IEEE Internet of Things Journal

Abstract:Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sean Weerakkody,Yilin Mo,Bruno Sinopoli

DOI: https://doi.org/10.1109/cdc.2014.7039974

2014-01-01

Abstract:Ensuring the security of control systems against integrity attacks is a major challenge. Due to the events of Stuxnet, replay attacks in particular have been considered by the research community. Replaying previous measurements of a system in steady state allows an adversary to generate statistically correct virtual outputs which can bypass traditional detectors. The adversary can then inject destabilizing inputs to cause damage to the plant. The method of injecting secret noisy control inputs, or physical watermarking, has recently been proposed to detect replay attacks. However, the proposed watermarking design methods assume that the adversary does not use his potential access to real time communication channels to create stealthy virtual outputs to send to the defender. In this paper, we formulate an attack model for an adversary who uses knowledge of the system as well as access to a subset of real time control inputs and sensor outputs to construct stealthy virtual outputs. A robust physical watermark and detector to counter such an adversary is proposed.