CISPA
Browse

White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems

Download (838.47 kB)
conference contribution
posted on 2024-11-05, 12:10 authored by Alessandro Erba, Nils Ole Tippenhauer, Nils Ole TippenhauerNils Ole Tippenhauer
Anomaly detection for cyber-physical systems is an effective method to detect ongoing process anomalies caused by an attacker. Recently, a number of anomaly detection techniques were proposed (e.g., ML based, invariant rule based, control theoretical). Little is known about the resilience of those anomaly detectors against attackers that conceal their attacks to evade detection. In particular, their resilience against white-box concealment attacks has so far only been investigated for the subset of neural network-based detectors. In this work, we demonstrate for the first time that white-box concealment attacks can also be applied to detectors that are not based on neural network solutions. In order to achieve this, we propose a generic white-box attack that evades anomaly detectors and can be adapted even if the target detection technique does not optimize a loss function. We design and implement a framework to perform our attacks, and test it on several detectors from related work. Our results show that it is possible to completely evade a wide range of detectors (based on diverse detection techniques) while reducing the number of samples that need to be manipulated (compared to prior black-box concealment attacks).

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)

Journal

Proceedings of Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)

Open Access Type

  • Green

BibTeX

@conference{Erba:Tippenhauer:Tippenhauer:2023, title = "White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems", author = "Erba, Alessandro" AND "Tippenhauer, Nils Ole" AND "Tippenhauer, Nils Ole", year = 2023, month = 7, journal = "Proceedings of Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)", doi = "10.1007/978-3-031-35504-2_6" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC