Abstract
The proliferation and application of machine learning-based Intrusion Detection Systems (IDS) have allowed for more flexibility and efficiency in the automated detection of cyber attacks in Industrial Control Systems (ICS). However, the introduction of such IDSs has also created an additional attack vector; the learning models may also be subject to cyber attacks, otherwise referred to as Adversarial Machine Learning (AML). Such attacks may have severe consequences in ICS systems, as adversaries could potentially bypass the IDS. This could lead to delayed attack detection which may result in infrastructure damages, financial loss, and even loss of life. This paper explores how adversarial learning can be used to target supervised models by generating adversarial samples using the Jacobian-based Saliency Map attack and exploring classification behaviours. The analysis also includes the exploration of how such samples can support the robustness of supervised models using adversarial training. An authentic power system dataset was used to support the experiments presented herein. Overall, the classification performance of two widely used classifiers, Random Forest and J48, decreased by 6 and 11 percentage points when adversarial samples were present. Their performances improved following adversarial training, demonstrating their robustness towards such attacks.
Highlights
Industrial Control Systems (ICS) play a key role in Critical National Infrastructure (CNI) concepts such as manufacturing, power/smart grids, water treatment plants, gas and oil refineries, and health-care
The remainder of this paper is structured as follows: Section 2 discusses the relevant work in this research area, Section 3 discusses the power system testbed and the generated dataset which is used to support the experiments in this paper, Section 4 evaluates the performance of a range of supervised classifiers, Section 5 discusses Adversarial Machine Learning (AML) and the methodology followed to generate adversarial samples, Section 7 investigates the effectiveness of adversarial training as a defence mechanism, and 8 concludes the paper
To explore how well supervised machine learning algorithms can detect cyber attacks in an ICS environment, the corresponding power system dataset was used to evaluate a range of state-of-the-art classifiers
Summary
Industrial Control Systems (ICS) play a key role in Critical National Infrastructure (CNI) concepts such as manufacturing, power/smart grids, water treatment plants, gas and oil refineries, and health-care. Complementary security solutions, such as passive process data monitoring, are promising [3] This has led to a substantial increase in research focusing on ICS tailored Intrusion Detection Systems (ICS). Due to their efficiency in detecting attacks, there has been a substantial increase in the application and integration of machine learning within IDSs That it cannot associate target values to, subsequently increasing the number of misclassifications The existence of such techniques means that infrastructures which incorporate machine learning-based IDSs may be at risk of being vulnerable to cyber attacks. The remainder of this paper is structured as follows: Section 2 discusses the relevant work in this research area, Section 3 discusses the power system testbed and the generated dataset which is used to support the experiments in this paper, Section 4 evaluates the performance of a range of supervised classifiers, Section 5 discusses AML and the methodology followed to generate adversarial samples, Section 7 investigates the effectiveness of adversarial training as a defence mechanism, and 8 concludes the paper
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
