It is well known that Cyber-Physical Systems (CPSs) are vulnerable to cyberattacks, and detection is usually achieved using machine learning-based Intrusion Detection Systems (IDSs). CPSs frequently have highly complex control logic, which, when maliciously manipulated, may lead to accidents. As control logic is not publicly available, here we propose a framework that can extract approximate control logic from the captured operational data flowing in the communication channel of a CPS. This approximate control logic is used to design stealthy adversarial samples with a very low footprint in terms of the number of sensor readings perturbed and the amount of sensor readings perturbed during sample generation. The proposed control logic induction framework involves four steps: cut-point generation, cut-point selection, boolean control rule extraction, and combining extracted control rules into control logic. Later, a control-logic-based stealthy adversarial sample generation technique was designed where the adversary possesses no knowledge regarding the targeted IDSs or their training data. Existing IDSs fail to recognize the stealthy adversarial samples in more than \(98\%\) of the cases. Even retraining the IDSs with adversarial samples generated using methods like GAN, FGSM, etc., fails to improve their resilience against stealthy attacks. On the contrary, retraining with stealthy samples improves the performance of IDSs not only against stealthy attacks but also against other types of adversarial attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

SAAT: Stealthy Adversarial Attack on IDS in Cyber Physical Systems Using Control Logic Induction

  • Rajneesh Kumar Pandey,
  • Tanmoy Kanti Das

摘要

It is well known that Cyber-Physical Systems (CPSs) are vulnerable to cyberattacks, and detection is usually achieved using machine learning-based Intrusion Detection Systems (IDSs). CPSs frequently have highly complex control logic, which, when maliciously manipulated, may lead to accidents. As control logic is not publicly available, here we propose a framework that can extract approximate control logic from the captured operational data flowing in the communication channel of a CPS. This approximate control logic is used to design stealthy adversarial samples with a very low footprint in terms of the number of sensor readings perturbed and the amount of sensor readings perturbed during sample generation. The proposed control logic induction framework involves four steps: cut-point generation, cut-point selection, boolean control rule extraction, and combining extracted control rules into control logic. Later, a control-logic-based stealthy adversarial sample generation technique was designed where the adversary possesses no knowledge regarding the targeted IDSs or their training data. Existing IDSs fail to recognize the stealthy adversarial samples in more than \(98\%\) of the cases. Even retraining the IDSs with adversarial samples generated using methods like GAN, FGSM, etc., fails to improve their resilience against stealthy attacks. On the contrary, retraining with stealthy samples improves the performance of IDSs not only against stealthy attacks but also against other types of adversarial attacks.