DOI: 10.1145/3412841.3441892
research-article

Poisoning attacks on cyber attack detectors for industrial control systems

Published: 22 April 2021 Publication History

Abstract

Recently, neural network (NN)-based methods, including autoencoders, have been proposed for the detection of cyber attacks targeting industrial control systems (ICSs). Such detectors are often retrained, using data collected during system operation, to cope with the natural evolution (i.e., concept drift) of the monitored signals. However, by exploiting this mechanism, an attacker can fake the signals provided by corrupted sensors at training time and poison the learning process of the detector such that cyber attacks go undetected at test time. With this research, we are the first to demonstrate such poisoning attacks on ICS cyber attack online NN detectors. We propose two distinct attack algorithms, namely, interpolation- and back-gradient based poisoning, and demonstrate their effectiveness on both synthetic and real-world ICS data. We also discuss and analyze some potential mitigation strategies.

    Information & Contributors

    Information

    Published In

    SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied Computing
    March 2021
    2075 pages
    ISBN:9781450381048
    DOI:10.1145/3412841
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. adversarial machine learning
    2. adversarial robustness
    3. anomaly detection
    4. autoencoders
    5. industrial control systems
    6. poisoning attacks

    Qualifiers

    • Research-article

    Funding Sources

    • Horizon 2020 research and innovation programme

    Conference

    SAC '21
    SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing
    March 22 - 26, 2021
    Virtual Event, Republic of Korea

    Acceptance Rates

    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

    Article Metrics

    • Downloads (Last 12 months): 96
    • Downloads (Last 6 weeks): 10
    Reflects downloads up to 19 Dec 2024

    Cited By

    • (2025) Toward Identifying Cyber Dependencies in Water Distribution Systems Using Causal AI. Journal of Water Resources Planning and Management 151:2. DOI: 10.1061/JWRMD5.WRENG-6488. Online publication date: Feb-2025
    • (2024) Edge-Assisted Label-Flipping Attack Detection in Federated Learning. IEEE Open Journal of the Communications Society 5 (7278-7300). DOI: 10.1109/OJCOMS.2024.3496872. Online publication date: 2024
    • (2024) DeeBBAA: A Benchmark Deep Black-Box Adversarial Attack Against Cyber–Physical Power Systems. IEEE Internet of Things Journal 11:24 (40670-40688). DOI: 10.1109/JIOT.2024.3454257. Online publication date: 15-Dec-2024
    • (2024) A Systematic Survey on Security in Anonymity Networks: Vulnerabilities, Attacks, Defenses, and Formalization. IEEE Communications Surveys & Tutorials 26:3 (1775-1829). DOI: 10.1109/COMST.2024.3350006. Online publication date: Nov-2025
    • (2024) Adversarial machine learning threat analysis and remediation in Open Radio Access Network (O-RAN). Journal of Network and Computer Applications (104090). DOI: 10.1016/j.jnca.2024.104090. Online publication date: Dec-2024
    • (2024) Industrial cyber-physical systems protection. Computers and Security 135:C. DOI: 10.1016/j.cose.2023.103531. Online publication date: 10-Jan-2024
    • (2024) An analytical survey of cyber‐physical systems in water treatment and distribution. Security and Privacy 7:6. DOI: 10.1002/spy2.440. Online publication date: 4-Jul-2024
    • (2024) A systematic literature review on past attack analysis on industrial control systems. Transactions on Emerging Telecommunications Technologies 35:6. DOI: 10.1002/ett.5004. Online publication date: 31-May-2024
    • (2023) Evaluating the Cybersecurity Risk of Real-world, Machine Learning Production Systems. ACM Computing Surveys 55:9 (1-36). DOI: 10.1145/3559104. Online publication date: 16-Jan-2023
    • (2023) Enhancing Cyber Security in Industrial Internet of Things Systems: An Experimental Assessment. 2023 12th Mediterranean Conference on Embedded Computing (MECO) (1-5). DOI: 10.1109/MECO58584.2023.10155100. Online publication date: 6-Jun-2023