[论文解读] A Deep Learning-based Framework for Conducting Stealthy Attacks in Industrial Control Systems
本文提出了一种基于生成对抗网络(GAN)的框架,通过学习生成能够逃避黑箱异常检测器的虚假传感器测量值,在对目标系统先验知识极少的情况下,实现隐蔽且高保真的工业控制系统(ICS)攻击。该方法在严格误报阈值下仍能实现高达90%的攻击成功率,表明当前的异常检测机制容易受到深度学习驱动的隐蔽攻击的影响。
Industrial control systems (ICS), which in many cases are components of critical national infrastructure, are increasingly being connected to other networks and the wider internet motivated by factors such as enhanced operational functionality and improved efficiency. However, set in this context, it is easy to see that the cyber attack surface of these systems is expanding, making it more important than ever that innovative solutions for securing ICS be developed and that the limitations of these solutions are well understood. The development of anomaly based intrusion detection techniques has provided capability for protecting ICS from the serious physical damage that cyber breaches are capable of delivering to them by monitoring sensor and control signals for abnormal activity. Recently, the use of so-called stealthy attacks has been demonstrated where the injection of false sensor measurements can be used to mimic normal control system signals, thereby defeating anomaly detectors whilst still delivering attack objectives. In this paper we define a deep learning-based framework which allows an attacker to conduct stealthy attacks with minimal a-priori knowledge of the target ICS. Specifically, we show that by intercepting the sensor and/or control signals in an ICS for a period of time, a malicious program is able to automatically learn to generate high-quality stealthy attacks which can achieve specific attack goals whilst bypassing a black box anomaly detector. Furthermore, we demonstrate the effectiveness of our framework for conducting stealthy attacks using two real-world ICS case studies. We contend that our results motivate greater attention on this area by the security community as we demonstrate that currently assumed barriers for the successful execution of such attacks are relaxed.
研究动机与目标
- 解决由于工业控制系统(ICS)连接性日益增强以及现有异常检测系统局限性所带来的网络物理系统损坏风险日益增加的问题。
- 探究深度学习是否能够在对目标系统动力学或协议了解极少的情况下,实现对 ICS 的隐蔽攻击。
- 开发一种框架,通过学习异常检测器的行为,自动生成高质量的虚假传感器测量值以绕过检测。
- 在不同检测阈值和攻击场景下,基于真实世界 ICS 数据集评估该框架的有效性。
- 揭示当前异常检测机制的脆弱性,并推动开发更稳健、纵深防御的 ICS 安全措施。
提出的方法
- 该框架采用生成对抗网络(GAN),其中生成器学习生成与正常系统行为高度相似的虚假传感器测量值。
- 生成器使用残差误差损失函数进行训练,以最小化基于异常检测器内部模型预测值与实际传感器读数之间的差异。
- 判别器被训练以区分真实传感器数据与生成的虚假数据,而生成器则同时学习通过最小化可检测偏差来欺骗检测器。
- 攻击过程具有自适应性:该框架会动态调整注入的虚假测量值的幅度,以保持相对于异常检测器预测值的低残差误差。
- 该方法在黑箱假设下运行,仅需在训练阶段拦截传感器和控制信号,无需详细的系统模型。
- 该框架使用两个真实世界 ICS 数据集(SWaT 和 WADI)进行评估,攻击成功率针对基于阈值和 CUSUM 的异常检测器进行测量。
实验结果
研究问题
- RQ1基于深度学习的框架是否能够在对目标系统动力学或协议了解极少的情况下,生成对 ICS 的隐蔽攻击?
- RQ2GAN 生成器在多大程度上能够通过最小化残差误差,生成可逃避黑箱异常检测系统的虚假传感器测量值?
- RQ3在不同误报率下,该框架在绕过不同类型异常检测器(包括基于阈值和 CUSUM 的模型)方面的有效性如何?
- RQ4部分系统知识(如仅能访问 PLC-传感器通道)对隐蔽攻击成功率有何影响?
- RQ5该框架控制注入测量值偏差幅度的能力如何影响攻击的隐蔽性与成功率?
主要发现
- 当所有 PLC-传感器通道被攻破时,基于 GAN 的框架在 CUSUM 异常检测器下实现了 90% 的攻击成功率,即使预期误报间隔为一小时。
- 在预期误报率为 0.01(即 1/100)时,攻击成功率仍保持在约 40%,表明其对检测具有极强的鲁棒性。
- 即使在误报间隔为三分钟的条件下,攻击成功率仍维持在约 20%,表明在实际检测设置下具有显著的隐蔽性。
- 该框架成功生成了高质量的虚假测量值,其行为与真实传感器数据高度一致,使得当前异常检测系统极难识别。
- 即使系统知识有限——仅攻破 PLC-AIT202 和 PLC-AIT203 通道——在 CUSUM 检测下仍实现了 80% 的成功率。
- 结果表明,当前异常检测机制的可靠性被高估,而基于深度学习的隐蔽攻击对 ICS 安全构成了可信威胁。
更好的研究,从现在开始
从论文设计到论文写作,大幅缩短您的研究时间。
无需绑定信用卡
本解读由 AI 生成,并经人工编辑审核。