short-paper

Attack Rules: An Adversarial Approach to Generate Attacks for Industrial Control Systems using Machine Learning

Authors:

Muhammad Azmi Umer,

Chuadhry Mujeeb Ahmed,

Muhammad Taha Jilani,

Aditya P. MathurAuthors Info & Claims

CPSIoTSec '21: Proceedings of the 2th Workshop on CPS&IoT Security and Privacy

Pages 35 - 40

https://doi.org/10.1145/3462633.3483976

Published: 15 November 2021 Publication History

Abstract

Adversarial learning is used to test the robustness of machine learning algorithms under attack and create attacks that deceive the anomaly detection methods in Industrial Control System (ICS). Given that security assessment of an ICS demands that an exhaustive set of possible attack patterns is studied, in this work, we propose an association rule mining-based attack generation technique. The technique has been implemented using data from a Secure Water Treatment plant. The proposed technique was able to generate more than 110,000 attack patterns constituting a vast majority of new attack vectors which were not seen before. Automatically generated attacks improve our understanding of the potential attacks and enable the design of robust attack detection techniques.

References

[1]

S. Adepu and A. Mathur. 2016. Generalized Attacker and Attack Models for Cyber Physical Systems. In 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), Vol. 1. 283--292.

[2]

Rakesh Agrawal, Tomasz Imieliński, and Arun Swami. 1993. Mining Association Rules Between Sets of Items in Large Databases. In ICMD, Vol. 22. ACM, New York, NY, USA, 207--216.

Digital Library

[3]

Chuadhry Mujeeb Ahmed, Martin Ochoa, Jianying Zhou, and Aditya Mathur. 2021 a. Scanning the Cycle: Timing-Based Authentication on PLCs (ASIA CCS '21). ACM, New York, NY, USA, 886--900.

[4]

Chuadhry Mujeeb Ahmed, Venkata Reddy Palleti, and Aditya P. Mathur. 2017. WADI: A Water Distribution Testbed for Research in the Design of Secure Cyber Physical Systems. In CysWater. ACM, NY, USA, 25--28.

Digital Library

[5]

Chuadhry Mujeeb Ahmed, Muhammad Azmi Umer, Beebi Siti Salimah Binte Liyakkathali, Muhammad Taha Jilani, and Jianying Zhou. 2021 b. Machine Learning for CPS Security: Applications, Challenges and Recommendations. In Machine Intelligence for Cybersecurity Applications. Springer, 397--421.

[6]

Chuadhry Mujeeb Ahmed and Jianying Zhou. 2020. Challenges and Opportunities in Cyberphysical Systems Security: A Physics-Based Perspective. IEEE Security Privacy, Vol. 18, 6 (2020), 14--22.

[7]

Nitesh V Chawla, Kevin W Bowyer, Lawrence O Hall, and W Philip Kegelmeyer. 2002. SMOTE: synthetic minority over-sampling technique. Journal of artificial intelligence research, Vol. 16 (2002), 321--357.

[8]

Pamel Cobb. 2015. German Steel Mill Meltdown: Rising Stakes in the Internet of Things. https://securityintelligence.com/german-steel-mill-meltdown-rising-stakes-in-the-internet-of-things/.

[9]

Alessandro Erba, Riccardo Taormina, Stefano Galelli, Marcello Pogliani, Michele Carminati, Stefano Zanero, and Nils Ole Tippenhauer. 2019. Real-time Evasion Attacks with Physical Constraints on Deep Learning-based Anomaly Detectors in Industrial Control Systems. (07 2019).

[10]

Cheng Feng, Tingting Li, Zhanxing Zhu, and Deeph Chana. 2017. A deep learning-based framework for conducting stealthy attacks in industrial control systems. arXiv preprint arXiv:1709.06397 (2017).

[11]

Jonathan Goh, Sridhar Adepu, Khurum Nazir Junejo, and Aditya Mathur. 2017. A Dataset to Support Research in the Design of Secure Water Treatment Systems. In CRITIS. Springer, Cham, 88--99.

[12]

iTrust. 2021. Dataset and Models. https://itrust.sutd.edu.sg/itrust-labs_datasets/dataset_info/.

[13]

Yifan Jia, Jingyi Wang, Christopher M. Poskitt, Sudipta Chattopadhyay, Jun Sun, and Yuqi Chen. 2021. Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems. International Journal of Critical Infrastructure Protection, Vol. 34 (2021), 100452.

Digital Library

[14]

Moshe Kravchik, Battista Biggio, and Asaf Shabtai. 2020. Poisoning Attacks on Cyber Attack Detectors for Industrial Control Systems. arXiv preprint arXiv:2012.15740 (2020).

[15]

Zilong Lin, Yong Shi, and Zhi Xue. 2019. IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection. arxiv: 1809.02077 [cs.CR]

[16]

Robert Lipovsky. 2016. New wave of cyber attacks against Ukrainian power industry. http://www.welivesecurity.com/2016/01/11.

[17]

A. P. Mathur and N. O. Tippenhauer. 2016. SWaT: A water treatment testbed for research and training on ICS security. In International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater). IEEE, USA, 31--36.

[18]

Truong Son Pham, Quang Uy Nguyen, and Xuan Hoai Nguyen. 2014. Generating artificial attack data for intrusion detection using machine learning. In Proceedings of the Fifth Symposium on Information and Communication Technology. 286--291.

Digital Library

[19]

Marco Rocchetto and Nils Ole Tippenhauer. 2016. On Attacker Models and Profiles for Cyber-Physical Systems. Springer International Publishing, Cham, 427--449.

[20]

Georg Steinbuß. 2020. Calibration and Evaluation of Outlier Detection with Generated Data. Ph.D. Dissertation. Karlsruher Institut für Technologie (KIT). https://doi.org/10.5445/IR/1000120534

[21]

Muhammad Azmi Umer, Aditya Mathur, Khurum Nazir Junejo, and Sridhar Adepu. 2017. Integrating design and data centric approaches to generate invariants for distributed attack detection. In Proceedings of the 2017 workshop on cyber-physical systems security and privacy. 131--136.

Digital Library

[22]

Muhammad Azmi Umer, Aditya Mathur, Khurum Nazir Junejo, and Sridhar Adepu. 2020. Generating invariants using design and data-centric approaches for distributed attack detection. IJCIP, Vol. 28 (2020), 100341.

[23]

Sharon Weinberger. 2011. Computer security: Is this the start of cyberwarfare? Nature, Vol. 174 (June 2011), 142--145.

[24]

Giulio Zizzo, Chris Hankin, Sergio Maffeis, and Kevin Jones. 2020. Adversarial Attacks on Time-Series Intrusion Detection for Industrial Control Systems. In (TrustCom). IEEE.

Cited By

Mehmood MBaig ZSyed N(2024)Securing Industrial Control Systems (ICS) Through Attack Modelling and Rule-Based Learning2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS59351.2024.10426882(598-602)Online publication date: 3-Jan-2024
https://doi.org/10.1109/COMSNETS59351.2024.10426882
Rabie OSelvarajan SAlghazzawi DKumar AHasan SAsghar M(2023)A security model for smart grid SCADA systems using stochastic neural networkIET Generation, Transmission & Distribution10.1049/gtd2.1294317:20(4541-4553)Online publication date: Aug-2023
https://doi.org/10.1049/gtd2.12943
Hudani DHaseeb MTaufiq MUmer MKandasamy NGupta MKhorsandroo SAbdelsalam M(2022)A Data-Centric Approach to Generate Invariants for a Smart Grid Using Machine LearningProceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3510547.3517927(31-36)Online publication date: 18-Apr-2022
https://dl.acm.org/doi/10.1145/3510547.3517927
Show More Cited By

Index Terms

Attack Rules: An Adversarial Approach to Generate Attacks for Industrial Control Systems using Machine Learning

Recommendations

DDoSniffer: Detecting DDoS attack at the source agents

Distributed Denial of Service (DDoS) attacks are an important and challenging security threat. Despite the existing defence mechanisms, attackers manage to build large sets of impersonated hosts. Our approach consists in detecting DDoS directly on these ...
Adversarial Attack on Microarchitectural Events based Malware Detectors
DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019

To overcome the performance overheads incurred by the traditional software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) using machine learning (ML) classifiers has emerged as a panacea to detect malicious applications ...
Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification
Abstract
Machine learning is key for automated detection of malicious network activity to ensure that computer networks and organizations are protected against cyber security attacks. Recently, there has been growing interest in the domain of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CPSIoTSec '21: Proceedings of the 2th Workshop on CPS&IoT Security and Privacy

November 2021

76 pages

ISBN:9781450384872

DOI:10.1145/3462633

General Chair:
Michail Maniatakos
New York University Abu Dhabi, UAE
,
Program Chair:
Cristina Alcaraz
University of Malaga, Spain

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 November 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

National Research Foundation, and Cybersecurity Agency of Singapore

Conference

CCS '21

Sponsor:

SIGSAC

CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security

November 15, 2021

Virtual Event, Republic of Korea

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
326
Total Downloads

Downloads (Last 12 months)67
Downloads (Last 6 weeks)7

Reflects downloads up to 30 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Mehmood MBaig ZSyed N(2024)Securing Industrial Control Systems (ICS) Through Attack Modelling and Rule-Based Learning2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS59351.2024.10426882(598-602)Online publication date: 3-Jan-2024
https://doi.org/10.1109/COMSNETS59351.2024.10426882
Rabie OSelvarajan SAlghazzawi DKumar AHasan SAsghar M(2023)A security model for smart grid SCADA systems using stochastic neural networkIET Generation, Transmission & Distribution10.1049/gtd2.1294317:20(4541-4553)Online publication date: Aug-2023
https://doi.org/10.1049/gtd2.12943
Hudani DHaseeb MTaufiq MUmer MKandasamy NGupta MKhorsandroo SAbdelsalam M(2022)A Data-Centric Approach to Generate Invariants for a Smart Grid Using Machine LearningProceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3510547.3517927(31-36)Online publication date: 18-Apr-2022
https://dl.acm.org/doi/10.1145/3510547.3517927
Koay AKo RHettema HRadke K(2022)Machine learning in industrial control system (ICS) security: current landscape, opportunities and challengesJournal of Intelligent Information Systems10.1007/s10844-022-00753-160:2(377-405)Online publication date: 12-Oct-2022
https://dl.acm.org/doi/10.1007/s10844-022-00753-1

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents