Adversarial attacks on time-series intrusion detection for industrial control systems
File(s)TrustCom21 accepted.pdf (705.25 KB)
Accepted version
Author(s)
Zizzo, Giulio
Hankin, Chris
Maffeis, sergio
Jones, Kevin
Type
Conference Paper
Abstract
Neural networks are increasingly used for intrusion
detection on industrial control systems (ICS). With neural
networks being vulnerable to adversarial examples, attackers
who wish to cause damage to an ICS can attempt to hide
their attacks from detection by using adversarial example
techniques. In this work we address the domain specific
challenges of constructing such attacks against autoregressive
based intrusion detection systems (IDS) in a ICS setting.
We model an attacker that can compromise a subset of
sensors in a ICS which has a LSTM based IDS. The attacker
manipulates the data sent to the IDS, and seeks to hide the
presence of real cyber-physical attacks occurring in the ICS.
We evaluate our adversarial attack methodology on the
Secure Water Treatment system when examining solely continuous data, and on data containing a mixture of discrete and
continuous variables. In the continuous data domain our attack
successfully hides the cyber-physical attacks requiring 2.87 out
of 12 monitored sensors to be compromised on average. With
both discrete and continuous data our attack required, on
average, 3.74 out of 26 monitored sensors to be compromised.
detection on industrial control systems (ICS). With neural
networks being vulnerable to adversarial examples, attackers
who wish to cause damage to an ICS can attempt to hide
their attacks from detection by using adversarial example
techniques. In this work we address the domain specific
challenges of constructing such attacks against autoregressive
based intrusion detection systems (IDS) in a ICS setting.
We model an attacker that can compromise a subset of
sensors in a ICS which has a LSTM based IDS. The attacker
manipulates the data sent to the IDS, and seeks to hide the
presence of real cyber-physical attacks occurring in the ICS.
We evaluate our adversarial attack methodology on the
Secure Water Treatment system when examining solely continuous data, and on data containing a mixture of discrete and
continuous variables. In the continuous data domain our attack
successfully hides the cyber-physical attacks requiring 2.87 out
of 12 monitored sensors to be compromised on average. With
both discrete and continuous data our attack required, on
average, 3.74 out of 26 monitored sensors to be compromised.
Date Acceptance
2020-09-30
Citation
IEEE TrustCom 2020
Publisher
Institute of Electrical and Electronics Engineers
Journal / Book Title
IEEE TrustCom 2020
Copyright Statement
© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Source
The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Start Date
2020-12-29
Coverage Spatial
Online