Anomaly detection for cyber-physical systems is an effective method to detect ongoing process anomalies caused by an attacker.
Recently, a number of anomaly detection techniques have been proposed (e.g.,
ML-based, invariant-rule-based, control-theoretical). Little is known
about the resilience of those anomaly detectors against attackers that
conceal their attacks to evade detection. In particular, their resilience
against white-box concealment attacks has so far only been investigated
for the subset of neural network-based detectors. In this work, we demonstrate for the first time that white-box concealment attacks can also be
applied to detectors that are not based on neural network solutions. In
order to achieve this, we propose a generic white-box attack that evades
anomaly detectors and can be adapted even if the target detection technique does not optimize a loss function. We design and implement a
framework to perform our attacks, and test it on several detectors from
related work. Our results show that it is possible to completely evade
a wide range of detectors (based on diverse detection techniques) while
reducing the number of samples that need to be manipulated (compared
to prior black-box concealment attacks).
Primary Research Area
Threat Detection and Defenses
Name of Conference
GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
Journal
Proceedings of Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Open Access Type
Green
BibTeX
@conference{Erba:Tippenhauer:Tippenhauer:2023,
title = "White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems",
author = "Erba, Alessandro and Tippenhauer, Nils Ole",
year = 2023,
month = 7,
journal = "Proceedings of Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)",
doi = "10.1007/978-3-031-35504-2_6"
}