CISPA
Browse

On Practical Realization of Evasion Attacks for Industrial Control Systems

Download (1.93 MB)
conference contribution
posted on 2024-11-05, 11:24 authored by Alessandro Erba, Andres Murillo, Riccardo Taormina, Stefano Galelli, Nils Ole TippenhauerNils Ole Tippenhauer
In recent years, a number of evasion attacks for Industrial Control Systems have been proposed. During an evasion attack, the attacker attempts to hide ongoing process anomalies to avoid anomaly detection. Examples of such attacks range from replay attacks to adversarial machine learning techniques. Those attacks generally are applied to existing datasets with normal and anomalous data, to which the evasion attacks are added post-hoc. This represents a very strong attacker, who is effectively able to observe and manipulate data from anywhere in the system, in real-time, with zero processing delay, and no computational constraints. Prior work has shown that such strong attackers are theoretically difficult to detect by most existing countermeasures. So far, it is unclear if such an attack could be practically realized, and if there are challenges that would impair the attacker. In this work, we systematically discuss options for an attacker to mount evasion attacks in real-world ICS, and show the constraints that result from those options. To validate our findings, we design and implement a framework that allows the realization of evasion attacks and anomaly detection for ICS emulation. We demonstrate practical constraints that arise from different settings, and their effect on attack performance. For example, we found that network packet replay might trigger network errors, which will result in unexpected spoofing patterns.

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

ACM International Workshop on Re-design Industrial Control Systems with Security (RICSS)

Journal

Proceedings of ACM International Workshop on Re-design Industrial Control Systems with Security (RICSS)

Open Access Type

  • Gold

BibTeX

@conference{Erba:Murillo:Taormina:Galelli:Tippenhauer:2024, title = "On Practical Realization of Evasion Attacks for Industrial Control Systems", author = "Erba, Alessandro" AND "Murillo, Andres" AND "Taormina, Riccardo" AND "Galelli, Stefano" AND "Tippenhauer, Nils Ole", year = 2024, month = 10, journal = "Proceedings of ACM International Workshop on Re-design Industrial Control Systems with Security (RICSS)", doi = "10.1145/3689930.3695213" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC