Abstract

The proliferation and application of machine learning-based Intrusion Detection Systems (IDS) have allowed for more flexibility and efficiency in the automated detection of cyber attacks in Industrial Control Systems (ICS). However, the introduction of such IDSs has also created an additional attack vector; the learning models may also be subject to cyber attacks, otherwise referred to as Adversarial Machine Learning (AML). Such attacks may have severe consequences in ICS systems, as adversaries could potentially bypass the IDS. This could lead to delayed attack detection which may result in infrastructure damages, financial loss, and even loss of life. This paper explores how adversarial learning can be used to target supervised models by generating adversarial samples using the Jacobian-based Saliency Map attack and exploring classification behaviours. The analysis also includes the exploration of how such samples can support the robustness of supervised models using adversarial training. An authentic power system dataset was used to support the experiments presented herein. Overall, the classification performance of two widely used classifiers, Random Forest and J48, decreased by 6 and 11 percentage points when adversarial samples were present. Their performances improved following adversarial training, demonstrating their robustness towards such attacks.

Highlights

  • Industrial Control Systems (ICS) play a key role in Critical National Infrastructure (CNI) concepts such as manufacturing, power/smart grids, water treatment plants, gas and oil refineries, and health-care

  • The remainder of this paper is structured as follows: Section 2 discusses the relevant work in this research area, Section 3 discusses the power system testbed and the generated dataset which is used to support the experiments in this paper, Section 4 evaluates the performance of a range of supervised classifiers, Section 5 discusses Adversarial Machine Learning (AML) and the methodology followed to generate adversarial samples, Section 7 investigates the effectiveness of adversarial training as a defence mechanism, and 8 concludes the paper

  • To explore how well supervised machine learning algorithms can detect cyber attacks in an ICS environment, the corresponding power system dataset was used to evaluate a range of state-of-the-art classifiers

Read more

Summary

Introduction

Industrial Control Systems (ICS) play a key role in Critical National Infrastructure (CNI) concepts such as manufacturing, power/smart grids, water treatment plants, gas and oil refineries, and health-care. Complementary security solutions, such as passive process data monitoring, are promising [3] This has led to a substantial increase in research focusing on ICS tailored Intrusion Detection Systems (ICS). Due to their efficiency in detecting attacks, there has been a substantial increase in the application and integration of machine learning within IDSs That it cannot associate target values to, subsequently increasing the number of misclassifications The existence of such techniques means that infrastructures which incorporate machine learning-based IDSs may be at risk of being vulnerable to cyber attacks. The remainder of this paper is structured as follows: Section 2 discusses the relevant work in this research area, Section 3 discusses the power system testbed and the generated dataset which is used to support the experiments in this paper, Section 4 evaluates the performance of a range of supervised classifiers, Section 5 discusses AML and the methodology followed to generate adversarial samples, Section 7 investigates the effectiveness of adversarial training as a defence mechanism, and 8 concludes the paper

Related work
Supervised machine learning
Industrial control system case study
Feature selection
Model training
Adversarial machine learning
Adversarial attack types
Attacker model
Adversarial sample generation methods
Evaluating supervised models on adversarial samples
Defending adversarial machine learning
Conclusion
Findings
Future work

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.