Adversarial Attacks and Mitigation for Anomaly Detectors of Cyber-Physical Systems
Yifan Jia, Jingyi Wang, Christopher M. Poskitt, Sudipta Chattopadhyay,, Jun Sun, Yuqi Chen
TL;DR
This paper introduces a novel adversarial attack on cyber-physical system anomaly detectors that evades both neural network-based detectors and rule checkers, demonstrating significant effectiveness and exploring mitigation strategies.
Contribution
It presents a gradient-based adversarial attack optimized with a genetic algorithm to deceive both neural and rule-based detectors in CPSs, a novel approach in this domain.
Findings
Successfully reduced detection accuracy by over 50%
Attacks evaded both neural detectors and rule checkers
Training on adversarial samples offers potential mitigation
Abstract
The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers(or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values,…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.