Deep Reinforcement Learning-Based Adversarial Attack and Defense in Industrial Control Systems
<p>A simplified scenario of the SWaT system.</p> "> Figure 2
<p>Overview of our deep reinforcement learning process for adversarial attacks.</p> "> Figure 3
<p>Deep neural network-based policy function.</p> "> Figure 4
<p>The actual and manipulated measurements of sensor LIT101 over 100 time steps.</p> "> Figure 5
<p>The actual and manipulated measurements of sensor FIT101 over 100 time steps.</p> "> Figure 6
<p>The actual and manipulated measurements of sensor FIT201 over 100 time steps.</p> "> Figure 7
<p>The actual and manipulated measurements of sensor LIT301 over 100 time steps.</p> ">
Abstract
1. Introduction
2. Background
2.1. SWaT Testbed
2.2. Adversarial Attacks on Industrial Control Systems
3. Proposed Deep Reinforcement Learning for Adversarial Attack
3.1. Overview of Our Proposed Adversarial Attack Scheme
3.2. Proposed Actor–Critic Deep Learning Model
Algorithm 1: Training of deep reinforcement learning
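Algorithm 1 itself is not reproduced in this excerpt. As a rough, generic illustration of actor–critic training only (not the paper's algorithm: the environment below is a toy one-state, two-action task standing in for SWaT, and the "networks" are single parameters rather than deep networks), one advantage-based update loop might look like:

```python
import math
import random

# Toy actor-critic sketch: action 0 yields reward 1.0, action 1 yields 0.0.
theta = [0.0, 0.0]        # actor: policy logits
value = 0.0               # critic: value estimate for the single state
alpha_pi, alpha_v = 0.1, 0.1

def softmax(logits):
    m = max(logits)
    exps = [math.exp(x - m) for x in logits]
    s = sum(exps)
    return [e / s for e in exps]

random.seed(0)
for _ in range(1000):
    probs = softmax(theta)
    a = 0 if random.random() < probs[0] else 1
    r = 1.0 if a == 0 else 0.0
    advantage = r - value            # TD error; no next state in a bandit
    value += alpha_v * advantage     # critic: move estimate toward return
    for i in range(2):               # actor: policy-gradient step
        grad = (1.0 if i == a else 0.0) - probs[i]
        theta[i] += alpha_pi * advantage * grad

probs = softmax(theta)               # policy now strongly prefers action 0
```

The critic's value estimate serves as a baseline, so the actor's gradient step is scaled by how much better (or worse) the sampled action was than expected, which is the core idea an actor–critic model shares with the deeper architecture described in Section 3.2.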
4. Performance Evaluation
4.1. Rule-Based Detection by Intrusion Detection System
- When actuator MV101 is in the ‘close’ state, the measurement of sensor FIT101 is less than 1 m³/h.
- When actuator MV101 is in the ‘open’ state, the measurement of sensor FIT101 is greater than 3 m³/h.
- When actuator MV101 is ‘open’ and actuator P101 is ‘off’, the measurement of sensor LIT101 at the current time step t increases by no more than 1 mm compared to the previous time step t − 1.
- When actuator MV101 is ‘close’ and actuator P101 is ‘on’, the measurement of sensor LIT101 at the current time step t decreases by no more than 0.8 mm compared to the previous time step t − 1.
- When actuator MV101 is ‘open’ and actuator P101 is ‘on’, the difference between the current measurement of sensor LIT101 at time step t and the previous time step t − 1 is within 0.2 mm.
- When actuator P101 is ‘on’ and actuator MV201 is ‘open’, the measurement of sensor LIT301 at the current time step t increases by no more than 0.4 mm compared to the previous time step t − 1.
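These invariants can be checked mechanically at each time step. The sketch below encodes the six rules as a function over two consecutive readings; the dictionary keys and the ‘open’/‘close’/‘on’/‘off’ string encodings are assumptions, while the thresholds come directly from the rules above:

```python
def violated_rules(prev, curr):
    """Return the indices (1-6) of rules violated between two
    consecutive time steps. prev/curr map tag names to readings."""
    v = []
    if curr["MV101"] == "close" and curr["FIT101"] >= 1.0:
        v.append(1)                      # flow despite a closed inlet valve
    if curr["MV101"] == "open" and curr["FIT101"] <= 3.0:
        v.append(2)                      # too little flow for an open valve
    d1 = curr["LIT101"] - prev["LIT101"]
    if curr["MV101"] == "open" and curr["P101"] == "off" and d1 > 1.0:
        v.append(3)                      # tank T101 fills too fast
    if curr["MV101"] == "close" and curr["P101"] == "on" and d1 < -0.8:
        v.append(4)                      # tank T101 drains too fast
    if curr["MV101"] == "open" and curr["P101"] == "on" and abs(d1) > 0.2:
        v.append(5)                      # inflow/outflow should roughly balance
    d3 = curr["LIT301"] - prev["LIT301"]
    if curr["P101"] == "on" and curr["MV201"] == "open" and d3 > 0.4:
        v.append(6)                      # tank T301 fills too fast
    return v
```

For example, a manipulated trace in which MV101 reads ‘close’ while FIT101 reports 2 m³/h, and LIT101 simultaneously drops by 1 mm with P101 ‘on’, would trip rules 1 and 4; an evasive adversarial attack must keep every such check satisfied at every step.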
4.2. Discussion of the Simulation Results
5. Conclusions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
| Notation | Description |
| --- | --- |
| $s_t$ | The state at time step $t$ in our proposed reinforcement learning model |
| $a_t$ | The action at time step $t$ in our proposed reinforcement learning model |
| $r_t$ | The reward at time step $t$ in our proposed reinforcement learning model |
| | The third feature group in the state, which includes the indices of the sensors that our proposed adversarial attack scheme aims to manipulate |
| | The number of sensor indices included in the third feature group |
| | The seventh feature group in the state, which includes the indices of the sensors that measure the impact of our adversarial attack scheme on the target |
| | The number of sensor indices included in the seventh feature group |
| $e_t$ | The experience at time step $t$, defined as the tuple $(s_t, a_t, r_t, s_{t+1})$ |
| | An episode, representing the set of experiences collected from time step 1 to the final time step |
| | A list for storing the episodes used to train our proposed reinforcement learning model |
| $\pi(\cdot;\theta)$ | The neural network-based policy function, with $\theta$ representing its network parameters |
| $V(\cdot;\phi)$ | The neural network-based value function, with $\phi$ representing its network parameters |
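As a minimal sketch of how this notation might map onto data structures during training (the field names are assumptions chosen for illustration; the paper's exact symbols are not reproduced here):

```python
from collections import namedtuple

# One experience per time step; an episode is the list of experiences
# from time step 1 to the final step, and the training buffer is a
# list of episodes. Field names are illustrative, not the paper's.
Experience = namedtuple("Experience", ["state", "action", "reward", "next_state"])

episode = []           # experiences for one run of the system
episode_buffer = []    # list of episodes used to train the model

e_t = Experience(state=[0.10, 0.20], action=3, reward=-1.0, next_state=[0.10, 0.25])
episode.append(e_t)
episode_buffer.append(episode)
```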
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
© 2024 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kim, M.-S. Deep Reinforcement Learning-Based Adversarial Attack and Defense in Industrial Control Systems. Mathematics 2024, 12, 3900. https://doi.org/10.3390/math12243900