• Corpus ID: 227334855

No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems

Alessandro Erba and Nils Ole Tippenhauer
In recent years, a number of process-based anomaly detection schemes for Industrial Control Systems were proposed. In this work, we provide the first systematic analysis of such schemes, and introduce a taxonomy of properties that are verified by those detection systems. We then present a novel general framework to generate adversarial spoofing signals that violate physical properties of the system, and use the framework to analyze four anomaly detectors published at top security conferences… 
Grounds for Suspicion: Physics-based Early Warnings for Stealthy Attacks on Industrial Control Systems
This paper proposes a framework to provide grounds for suspicion, i.e. preliminary indicators reflecting the likelihood of success of a stealthy attack; it proposes a metric to measure grounds for suspicion in real time and provides soundness principles to ensure that such a metric is consistent with the grounds for suspicion.
A False Sense of Security?: Revisiting the State of Machine Learning-Based Industrial Intrusion Detection
An evaluation methodology is developed and multiple approaches from literature are examined for their performance on unknown attacks, highlighting an ineffectiveness in detecting unknown attacks.
IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection Systems
This work proposes IPAL, the authors' industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial protocols, and proves IPAL’s correctness in a reproducibility study of related work, and showcases its unique benefits by studying the generalizability of existing approaches to new datasets.
Machine learning for intrusion detection in industrial control systems: challenges and lessons from experimental evaluation
There exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants, and a series of lessons learned in the attempt to meet these challenges in an operational plant are presented.
Code integrity attestation for PLCs using black box neural network predictions
This paper proposes a practical code integrity checking solution based on privacy-preserving black box models that instead attest the input/output behaviour of PLC programs and finds that it is not practically possible to simultaneously modify the PLC code and apply discreet adversarial noise to the authors' attesters in a way that leads to consistent (mis-)predictions.
Deriving invariant checkers for critical infrastructure using axiomatic design principles
This paper proposes a systematic method for deriving invariants from an analysis of a CPS design, based on principles of the axiomatic design methodology from design science, and applies it to two CPS testbeds, deriving a suite of invariant checkers that are able to detect a variety of single- and multi-stage attacks without any false positives.


Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems
Experimental results show that PASAD is capable of detecting not only significant deviations in the process behavior, but also subtle attack-indicating changes, significantly raising the bar for strategic adversaries who may attempt to maintain their malicious manipulation within the noise level.
Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems
This work investigates different approaches to evade prior-work reconstruction-based anomaly detectors by manipulating sensor data so that the attack is concealed, and proposes two novel attacks that manipulate a subset of the sensor readings, leveraging learned physical constraints of the system.
Limiting the Impact of Stealthy Attacks on Industrial Control Systems
The impact of stealthy attacks can be mitigated in several cases by the proper combination and configuration of detection schemes, and a new metric is proposed to measure the impact of stealthy attacks.
A Deep Learning-based Framework for Conducting Stealthy Attacks in Industrial Control Systems
A deep learning-based framework which allows an attacker to conduct stealthy attacks with minimal a-priori knowledge of the target ICS is defined and it is contended that the results motivate greater attention on this area by the security community as they demonstrate that currently assumed barriers for the successful execution of such attacks are relaxed.
Intrusion Detection for Industrial Control Systems: Evaluation Analysis and Adversarial Attacks
A long short-term memory (LSTM) based intrusion detection system (IDS) that effectively detects cyber-physical attacks on a water treatment testbed is presented as a strong baseline IDS, and two different white-box attackers are modelled to investigate adversarial attacks against it.
Evasion Attacks against Machine Learning at Test Time
This work presents a simple but effective gradient-based approach that can be exploited to systematically assess the security of several, widely-used classification algorithms against evasion attacks.
Efficient Cyber Attacks Detection in Industrial Control Systems Using Lightweight Neural Networks
This article examines an attack detection method based on simple and lightweight neural networks, namely 1D convolutional neural networks and autoencoders, and studies the proposed method's robustness against adversarial attacks that exploit inherent blind spots of neural networks to evade detection while achieving their intended physical effect.
Secure control against replay attacks
  • Yilin Mo, B. Sinopoli
  • Computer Science, Mathematics
    2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton)
  • 2009
This paper analyzes the effect of replay attacks on a control system and proposes a countermeasure that guarantees a desired probability of detection by trading off either detection delay or LQG performance, either by decreasing control accuracy or increasing control effort.
Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System
This paper proposes a novel approach for constructing models of CPS automatically, by applying supervised machine learning to data traces obtained after systematically seeding their software components with faults ("mutants").
A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control Systems
It is shown that sets of invariant rules, far larger than those defined manually, can be successfully derived by the framework and that they may be used to deliver significant improvements in anomaly detection compared with the invariant rules defined by system engineers as well as the commonly used residual error-based anomaly detection model for ICS.