Practical Evaluation of Poisoning Attacks on Online Anomaly Detectors in Industrial Control Systems

Recently, neural networks (NNs) have been proposed for the detection of cyber attacks targeting industrial control systems (ICSs). Such detectors are often retrained, using data collected during system operation, to cope with the evolution of the monitored signals over time. However, by exploiting this mechanism, an attacker can fake the signals provided by corrupted sensors at training time and poison the learning process of the detector to allow cyber attacks to stay undetected at test time. Previous work explored the ability to generate adversarial samples that fool anomaly detection models in ICSs but without compromising their training process. With this research, we are the first to demonstrate such poisoning attacks on ICS cyber attack online detectors based on neural networks. We propose two distinct attack algorithms, namely, interpolation- and back-gradient-based poisoning, and demonstrate their effectiveness. The evaluation is conducted on diverse data sources: synthetic data, real-world ICS testbed data, and a simulation of the Tennessee Eastman process. This first practical evaluation of poisoning attacks using a simulation tool highlights the challenges of poisoning dynamically controlled systems. The generality of the proposed methods under different NN parameters and architectures is studied. Lastly, we propose and analyze some potential mitigation strategies.