Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
139 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems (2012.03586v2)

Published 7 Dec 2020 in cs.CR and cs.LG

Abstract: In recent years, a number of process-based anomaly detection schemes for Industrial Control Systems were proposed. In this work, we provide the first systematic analysis of such schemes, and introduce a taxonomy of properties that are verified by those detection systems. We then present a novel general framework to generate adversarial spoofing signals that violate physical properties of the system, and use the framework to analyze four anomaly detectors published at top security conferences. We find that three of those detectors are susceptible to a number of adversarial manipulations (e.g., spoofing with precomputed patterns), which we call Synthetic Sensor Spoofing and one is resilient against our attacks. We investigate the root of its resilience and demonstrate that it comes from the properties that we introduced. Our attacks reduce the Recall (True Positive Rate) of the attacked schemes making them not able to correctly detect anomalies. Thus, the vulnerabilities we discovered in the anomaly detectors show that (despite an original good detection performance), those detectors are not able to reliably learn physical properties of the system. Even attacks that prior work was expected to be resilient against (based on verified properties) were found to be successful. We argue that our findings demonstrate the need for both more complete attacks in datasets, and more critical analysis of process-based anomaly detectors. We plan to release our implementation as open-source, together with an extension of two public datasets with a set of Synthetic Sensor Spoofing attacks as generated by our framework.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (41)
  1. Distributed detection of single-stage multipoint cyber attacks in a water treatment plant. In Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS), pages 449–460. ACM, 2016.
  2. Noiseprint: Attack detection using sensor and process noise fingerprint in cyber physical systems. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS ’18, pages 483–497, New York, NY, USA, 2018. ACM.
  3. Truth will out: Departure-based process-level detection of stealthy attacks on control systems. In Proc. of the ACM Conference on Computer and Communications Security (CCS), CCS ’18, pages 817–831, New York, NY, USA, 2018. ACM.
  4. Evasion attacks against machine learning at test time. In Hendrik Blockeel, Kristian Kersting, Siegfried Nijssen, and Filip Železný, editors, Machine Learning and Knowledge Discovery in Databases, pages 387–402, 2013.
  5. Hardware and software architecture for state estimation on an experimental low-cost small-scaled helicopter. Control Engineering Practice, 18(7):733–746, 2010.
  6. Time series: theory and methods: theory and methods. Springer Science & Business Media, 1991.
  7. Chi-Tsong Chen. Linear System Theory and Design. Oxford University Press, Inc., USA, 3rd edition, 1998.
  8. Learning from mutants: Using code mutation to learn and monitor invariants of a cyber-physical system. In Proc. of the IEEE Symposium on Security and Privacy, pages 648–660. IEEE, 2018.
  9. Detecting attacks against robotic vehicles: A control invariant approach. In Proc. of the ACM Conference on Computer and Communications Security (CCS), pages 801–816. ACM, 2018.
  10. Out of control: stealthy attacks against robotic vehicles protected by control-based techniques. In Proceedings of the 35th Annual Computer Security Applications Conference, pages 660–672, 2019.
  11. Constrained concealment attacks against reconstruction-based anomaly detectors in industrial control systems. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2020.
  12. A deep learning-based framework for conducting stealthy attacks in industrial control systems. arXiv preprint arXiv:1709.06397, 2017.
  13. A systematic framework to generate invariants for anomaly detection in industrial control systems. In Proc. Network and Distributed System Security Symp. (NDSS), 2019.
  14. Introduction to industrial control networks. IEEE Communications Surveys and Tutorials, 15(2):860–880, 2013.
  15. Hey, my malware knows physics! attacking plcs with physical model aware rootkit. In Proceedings of the Annual Network & Distributed System Security Symposium (NDSS), February 2017.
  16. A dataset to support research in the design of secure water treatment systems. In International Conference on Critical Information Infrastructures Security (CRITIS), pages 88–99. Springer, 2016.
  17. Anomaly detection in cyber physical systems using recurrent neural networks. In High Assurance Systems Engineering (HASE), 2017 IEEE 18th International Symposium on, pages 140–145. IEEE, 2017.
  18. Explaining and harnessing adversarial examples. CoRR, abs/1412.6572, 2014.
  19. Exploiting correlations to detect false data injections in low-density wireless sensor networks. In Proceedings of the 5th on Cyber-Physical System Security Workshop, pages 1–12. ACM, 2019.
  20. Adversarial machine learning. In Proceedings of the 4th ACM workshop on Security and artificial intelligence, pages 43–58. ACM, 2011.
  21. Detecting malicious data injections in wireless sensor networks: A survey. ACM Computing Surveys (CSUR), 48(2):24, 2015.
  22. WADI datatset, 2017. https://itrust.sutd.edu.sg/research/dataset/dataset_characteristics/#wadi, Last accessed on: 2019-01-30.
  23. Novel techniques to reduce search space in multiple minimum supports-based frequent pattern mining algorithms. In Proceedings of the 14th international conference on extending database technology, pages 11–20. ACM, 2011.
  24. Detecting cyber attacks in industrial control systems using convolutional neural networks. In Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, pages 72–83. ACM, 2018.
  25. Efficient cyber attacks detection in industrial control systems using lightweight neural networks. arXiv preprint arXiv:1907.01216, 2019.
  26. Ghost talk: Mitigating emi signal injection attacks against analog sensors. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 145–159. IEEE, 2013.
  27. SWaT: A water treatment testbed for research and training on ICS security. In Proceedings of Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater), April 2016.
  28. Yilin Mo and B. Sinopoli. Secure control against replay attacks. In Communication, Control, and Computing, 2009. Allerton 2009. 47th Annual Allerton Conference on, pages 911–918, 2009.
  29. Secure control against replay attacks. In Communication, Control, and Computing, 2009. Allerton 2009. 47th Annual Allerton Conference on, pages 911–918. IEEE, 2009.
  30. Battle of the water calibration networks. JOURNAL OF WATER RESOURCES PLANNING AND MANAGEMENT-ASCE, 138:523–532, 09 2012.
  31. Savior: Securing autonomous vehicles with robust physical invariants. In Proc. of the USENIX Security Symposium, Boston, MA, August 2020.
  32. Drift with devil: Security of multi-sensor fusion based localization in high-level autonomous driving under GPS spoofing. In 29th USENIX Security Symposium (USENIX Security 20), pages 931–948. USENIX Association, August 2020.
  33. A toolbox for assessing the impacts of cyber-physical attacks on water distribution systems. environmental modelling software. Environmental Modelling Software, 112:46–51, 02 2019.
  34. A deep learning approach for the detection and localization of cyber-physical attacks on water distribution systems. Journal of Water Resources Planning Management, 144(10):04018065, 2018.
  35. The battle of the attack detection algorithms: Disclosing cyber attacks on water distribution networks. Journal of Water Resources Planning and Management, 144(8), August 2018.
  36. Trick or heat? manipulating critical temperature-based control systems using rectification attacks. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS ’19, page 2301–2315, New York, NY, USA, 2019. Association for Computing Machinery.
  37. Limiting the impact of stealthy attacks on industrial control systems. In Proc. of the ACM Conference on Computer and Communications Security (CCS), October 2016.
  38. Attacking fieldbus communications in ICS: Applications to the SWaT testbed. In Proceedings of Singapore Cyber Security Conference (SG-CRC), January 2016.
  39. Sharon Weinberger. Computer security: Is this the start of cyberwarfare? Nature, 174:142–145, June 2011.
  40. Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle. DEF CON, 24, 2016.
  41. Intrusion detection for industrial control systems: Evaluation analysis and adversarial attacks. arXiv preprint arXiv:1911.04278, 2019.
Citations (13)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now