A Methodology for Evaluating the Robustness of Anomaly Detectors to Adversarial Attacks in Industrial Scenarios
Autor: | Lorenzo Fernández Maimó, Javier Maroto, Alberto Huertas Celdrán, Félix Jesús Garcia Clemente, Ángel Luis Perales Gómez, Gérôme Bovet |
---|---|
Přispěvatelé: | University of Zurich, Perales Gómez, Ángel L |
Rok vydání: | 2022 |
Předmět: |
perturbation methods
industries General Computer Science 10009 Department of Informatics 2208 Electrical and Electronic Engineering industrial control systems evasion attacks General Engineering deep learning robustness 000 Computer science knowledge & systems neural networks 2500 General Materials Science adversarial attacks machine learning 2200 General Engineering General Materials Science 1700 General Computer Science transforms Electrical and Electronic Engineering detectors |
Zdroj: | IEEE Access. 10:124582-124594 |
ISSN: | 2169-3536 |
DOI: | 10.1109/access.2022.3224930 |
Popis: | Anomaly Detection systems based on Machine and Deep learning are the most promising solutions to detect cyberattacks in the industry. However, these techniques are vulnerable to adversarial attacks that downgrade prediction performance. Several techniques have been proposed to measure the robustness of Anomaly Detection in the literature. However, they do not consider that, although a small perturbation in an anomalous sample belonging to an attack, i.e., Denial of Service, could cause it to be misclassified as normal while retaining its ability to damage, an excessive perturbation might also transform it into a truly normal sample, with no real impact on the industrial system. This paper presents a methodology to calculate the robustness of Anomaly Detection models in industrial scenarios. The methodology comprises four steps and uses a set of additional models called support models to determine if an adversarial sample remains anomalous. We carried out the validation using the Tennessee Eastman process, a simulated testbed of a chemical process. In such a scenario, we applied the methodology to both a Long-Short Term Memory (LSTM) neural network and 1-dimensional Convolutional Neural Network (1D-CNN) focused on detecting anomalies produced by different cyberattacks. The experiments showed that 1D-CNN is significantly more robust than LSTM for our testbed. Specifically, a perturbation of 60% (empirical robustness of 0.6) of the original sample is needed to generate adversarial samples for LSTM, whereas in 1D-CNN the perturbation required increases up to 111% (empirical robustness of 1.11). |
Databáze: | OpenAIRE |
Externí odkaz: |