Table of Contents
Fetching ...

Adversarial Sample Generation for Anomaly Detection in Industrial Control Systems

Abdul Mustafa, Muhammad Talha Khan, Muhammad Azmi Umer, Zaki Masood, Chuadhry Mujeeb Ahmed

TL;DR

This paper tackles the vulnerability of ML-based intrusion detectors in industrial control systems to adversarial examples by generating synthetic adversarial samples for SWaT time-series data using the Jacobian Saliency Map Attack (JSMA). It demonstrates that training detectors with these adversarial samples can improve robustness to unseen real-world attacks, achieving up to approximately 95% accuracy on SWaT attack data not used during training for classifiers such as CART and Gradient Boosting. The study analyzes attacker models, threat assumptions, and data-injection scenarios within the SWaT testbed, and provides a practical evaluation using CleverHans with an MLP baseline to produce adversarial samples that generalize beyond the training data. The results highlight the need for stronger defenses against AML in ICS and point to future work in expanding defenses, applying JSMA-style perturbations to other ICS datasets, and integrating ML-based IDS with additional security measures for resilient industrial infrastructures.

Abstract

Machine learning (ML)-based intrusion detection systems (IDS) are vulnerable to adversarial attacks. It is crucial for an IDS to learn to recognize adversarial examples before malicious entities exploit them. In this paper, we generated adversarial samples using the Jacobian Saliency Map Attack (JSMA). We validate the generalization and scalability of the adversarial samples to tackle a broad range of real attacks on Industrial Control Systems (ICS). We evaluated the impact by assessing multiple attacks generated using the proposed method. The model trained with adversarial samples detected attacks with 95% accuracy on real-world attack data not used during training. The study was conducted using an operational secure water treatment (SWaT) testbed.

Adversarial Sample Generation for Anomaly Detection in Industrial Control Systems

TL;DR

This paper tackles the vulnerability of ML-based intrusion detectors in industrial control systems to adversarial examples by generating synthetic adversarial samples for SWaT time-series data using the Jacobian Saliency Map Attack (JSMA). It demonstrates that training detectors with these adversarial samples can improve robustness to unseen real-world attacks, achieving up to approximately 95% accuracy on SWaT attack data not used during training for classifiers such as CART and Gradient Boosting. The study analyzes attacker models, threat assumptions, and data-injection scenarios within the SWaT testbed, and provides a practical evaluation using CleverHans with an MLP baseline to produce adversarial samples that generalize beyond the training data. The results highlight the need for stronger defenses against AML in ICS and point to future work in expanding defenses, applying JSMA-style perturbations to other ICS datasets, and integrating ML-based IDS with additional security measures for resilient industrial infrastructures.

Abstract

Machine learning (ML)-based intrusion detection systems (IDS) are vulnerable to adversarial attacks. It is crucial for an IDS to learn to recognize adversarial examples before malicious entities exploit them. In this paper, we generated adversarial samples using the Jacobian Saliency Map Attack (JSMA). We validate the generalization and scalability of the adversarial samples to tackle a broad range of real attacks on Industrial Control Systems (ICS). We evaluated the impact by assessing multiple attacks generated using the proposed method. The model trained with adversarial samples detected attacks with 95% accuracy on real-world attack data not used during training. The study was conducted using an operational secure water treatment (SWaT) testbed.
Paper Structure (15 sections, 4 equations, 5 figures, 3 tables)

This paper contains 15 sections, 4 equations, 5 figures, 3 tables.

Figures (5)

  • Figure 1: An overview of real-time SWaT system.
  • Figure 2: Illustration of SWaT testbed goh2016dataset.
  • Figure 3: Example of normal (a) and attack (b) data, tank water level readings from sensor LIT301.
  • Figure 4: An example of attack data, showing flow meter readings from sensor FIT501.
  • Figure 5: Proposed workflow for evaluating 36 SWaT cyber-attack events using real-world data from 51 sensors. The process includes supervised training with CART/RF/GBC and adversarial sample generation via JSMA.