Assessing Model-free Anomaly Detection in Industrial Control Systems Against Generic Concealment Attacks

conference contribution
posted on 2023-11-29, 18:22 authored by Alessandro Erba, Nils Ole Tippenhauer
In recent years, a number of model-free process-based anomaly detection schemes for Industrial Control Systems (ICS) have been proposed. Model-free anomaly detectors are trained directly from process data and do not require process knowledge. They are validated based on a set of public data with limited attacks present. As a result, the resilience of those schemes against general concealment attacks is unclear. In addition, no structured discussion on the properties verified by the detectors exists. In this work, we provide the first systematic analysis of such anomaly detection schemes, focusing on six model-free process-based anomaly detectors. We hypothesize that the detectors verify a combination of temporal, spatial, and statistical consistencies. To test this, we systematically analyse their resilience against generic concealment attacks. Our generic concealment attacks are designed to violate a specific consistency verified by the detector, and require no knowledge of the attacked physical process or the detector. In addition, we compare against prior work attacks that were designed to attack neural network-based detectors. Our results demonstrate that the evaluated model-free detectors are in general susceptible to generic concealment attacks. For each evaluated detector, at least one of our generic concealment attacks performs better than prior work attacks. In particular, the results allow us to show which specific consistencies are verified by each detector. We also find that prior work attacks that target neural-network architectures transfer surprisingly well against other architectures.

Preferred Citation

Alessandro Erba and Nils Tippenhauer. Assessing Model-free Anomaly Detection in Industrial Control Systems Against Generic Concealment Attacks. In: Annual Computer Security Applications Conference (ACSAC). 2022.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Annual Computer Security Applications Conference (ACSAC)

Legacy Posted Date

2022-10-12

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3809,
  title = "Assessing Model-free Anomaly Detection in Industrial Control Systems Against Generic Concealment Attacks",
  author = "Erba, Alessandro and Tippenhauer, Nils Ole",
  booktitle = "{Annual Computer Security Applications Conference (ACSAC)}",
  year = "2022",
}
