Anomaly detection for cyber-physical systems is an effective method to detect ongoing process anomalies caused by an attacker. Recently, a number of anomaly detection techniques were proposed (e.g., ML based, invariant rule based, control theoretical). Little is known about the resilience of those anomaly detectors against attackers that conceal their attacks to evade detection. In particular, their resilience against white-box concealment attacks has so far only been investigated for the subset of neural network-based detectors. In this work, we demonstrate for the first time that white-box concealment attacks can also be applied to detectors that are not based on neural network solutions. In order to achieve this, we propose a generic white-box attack that evades anomaly detectors and can be adapted even if the target detection technique does not optimize a loss function. We design and implement a framework to perform our attacks, and test it on several detectors from related work. Our results show that it is possible to completely evade a wide range of detectors (based on diverse detection techniques) while reducing the number of samples that need to be manipulated (compared to prior black-box concealment attacks).
History
Preferred Citation
Alessandro Erba and Nils Tippenhauer. White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems. In: GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). 2023.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)
Legacy Posted Date
2023-07-17
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_3985,
title = "White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems",
author = "Erba, Alessandro and Tippenhauer, Nils Ole",
booktitle="{GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)}",
year="2023",
}