Adversarial Attack Detection in Industrial Control Systems Using LSTM-Based Intrusion Detection and Black-Box Defense Strategies
Motaz Abdulaziz Almedires, Ahmed Elkhalil, Mohammed Amin
Abstract
In industrial control systems (ICS), neural networks are increasingly being utilized to detect intrusions. The term ICS refers to a group of controlling technology and associated equipment that includes the devices, systems, networks, and controllers that are used to manage and/or execute manufacturing processes. Each ICS is developed to successfully handle work digitally and operates differently depending on the business. ICS devices and procedures are now found in practically every industry sector and key infrastructure, including production, transportation, power, and treatment plants. To avoid detection, attackers who aim to inflict harm on an ICS may resort to techniques such as adversarial examples to mask their attacks. ICS-based autoregressive intrusion detection systems (IDSs) are the focus of this study because of the unique issues that arise when being attacked. The attacker here is an LSTM-based IDS that can compromise a ICSs subset of sensors. In the wild cyber-physical attacks take place in ICSs that are masked from the IDS by the attacker manipulating data provided to it. Automation of ICS intrusion detection has become more flexible and efficient thanks to the growth and use of IDSs based on machine learning. Adversarial machine learning (AML), a term coined to describe cyberattacks on learning models, has been formed developed in response to the advent of the IDS. In ICSs, such attacks can have disastrous repercussions if the IDS is bypassed. Delay in attack detection could lead to damage to infrastructure, financial loss, and even human life. In this study we are proposing a defense study method that have been effective in combatting adversarial threats to ICSs and to assess adversarial attacks successfully in real-world circumstances. We are proposing a security solution IDS which can detect an adversarial attack on the industrial control system. We were able in this study to detect a black box attack by conducting DDoS attack scenario trained by black box adversarial attack in the ICS environment and use data from an ICS to train a classification model and test the ability to detect cyber intrusions in a similar context using IDS.