RADIANT: Reactive Autoencoder Defense for Industrial Adversarial Network Threats

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-03-07 DOI:10.1016/j.cose.2025.104403

Irfan Khan, Syed Wali, Yasir Ali Farrukh

{"title":"RADIANT: Reactive Autoencoder Defense for Industrial Adversarial Network Threats","authors":"Irfan Khan, Syed Wali, Yasir Ali Farrukh","doi":"10.1016/j.cose.2025.104403","DOIUrl":null,"url":null,"abstract":"<div><div>Machine learning-based Intrusion Detection Systems (IDS) have significantly enhanced operational efficiency in Industrial Control Systems (ICS), but they face a growing threat from Adversarial Machine Learning (AML) attacks. These attacks exploit vulnerabilities in IDS, leading to delayed threat detection, infrastructure compromise, financial losses, and service disruptions. Traditional approaches, such as adversarial retraining, are not only resource-intensive but also suffer from limited generalization, as they rely on training models with specific adversarial samples. Given the constantly evolving nature of adversarial attacks, it is impractical to train on all possible attack variations, leaving systems vulnerable to new and unforeseen threats. To address these limitations, this paper introduces Reactive Autoencoder Defense for Industrial Adversarial Network Threats (RADIANT), a novel IDS that mitigates adversarial threats without relying on retraining. By reconstructing input data and analyzing three distinct reconstruction errors, RADIANT effectively reduces the impact of adversarial perturbations. To evaluate RADIANT’s performance, we used a comprehensive assessment framework that compared it against state-of-the-art defenses and undefended baseline classifiers on real-world ICS data. The evaluation included advanced adversarial attacks, such as HopSkipJump and Zeroth-Order Optimization (ZOO), conducted under gray-box conditions. During ZOO attacks, RADIANT achieved an F1 score of 85.9%, significantly outperforming the baseline classifier’s 17.1% and demonstrating its robustness against adversarial threats. Similarly, under HopSkipJump attacks, RADIANT maintained a strong F1 score of 91.4%, far exceeding the baseline’s 20.5%. Additionally, when compared to state-of-the-art proactive defenses based on adversarial training, RADIANT consistently delivered a superior balance of precision, recall, and overall robustness, all without the need for adversarial retraining. These results highlight RADIANT’s practicality and effectiveness, offering reliable protection for ICS while addressing the increasing sophistication of AML attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104403"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000926","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Machine learning-based Intrusion Detection Systems (IDS) have significantly enhanced operational efficiency in Industrial Control Systems (ICS), but they face a growing threat from Adversarial Machine Learning (AML) attacks. These attacks exploit vulnerabilities in IDS, leading to delayed threat detection, infrastructure compromise, financial losses, and service disruptions. Traditional approaches, such as adversarial retraining, are not only resource-intensive but also suffer from limited generalization, as they rely on training models with specific adversarial samples. Given the constantly evolving nature of adversarial attacks, it is impractical to train on all possible attack variations, leaving systems vulnerable to new and unforeseen threats. To address these limitations, this paper introduces Reactive Autoencoder Defense for Industrial Adversarial Network Threats (RADIANT), a novel IDS that mitigates adversarial threats without relying on retraining. By reconstructing input data and analyzing three distinct reconstruction errors, RADIANT effectively reduces the impact of adversarial perturbations. To evaluate RADIANT’s performance, we used a comprehensive assessment framework that compared it against state-of-the-art defenses and undefended baseline classifiers on real-world ICS data. The evaluation included advanced adversarial attacks, such as HopSkipJump and Zeroth-Order Optimization (ZOO), conducted under gray-box conditions. During ZOO attacks, RADIANT achieved an F1 score of 85.9%, significantly outperforming the baseline classifier’s 17.1% and demonstrating its robustness against adversarial threats. Similarly, under HopSkipJump attacks, RADIANT maintained a strong F1 score of 91.4%, far exceeding the baseline’s 20.5%. Additionally, when compared to state-of-the-art proactive defenses based on adversarial training, RADIANT consistently delivered a superior balance of precision, recall, and overall robustness, all without the need for adversarial retraining. These results highlight RADIANT’s practicality and effectiveness, offering reliable protection for ICS while addressing the increasing sophistication of AML attacks.

查看原文本刊更多论文

辐射：工业对抗性网络威胁的反应式自编码器防御

基于机器学习的入侵检测系统（IDS）大大提高了工业控制系统（ICS）的运行效率，但它们面临着来自对抗性机器学习（AML）攻击的日益增长的威胁。这些攻击利用IDS中的漏洞，导致威胁检测延迟、基础设施受损、经济损失和服务中断。传统的方法，如对抗性再训练，不仅资源密集，而且泛化有限，因为它们依赖于具有特定对抗性样本的训练模型。鉴于对抗性攻击不断演变的本质，针对所有可能的攻击变化进行训练是不切实际的，这会使系统容易受到新的和不可预见的威胁。为了解决这些限制，本文介绍了针对工业对抗性网络威胁的反应式自动编码器防御（RADIANT），这是一种新型IDS，可以在不依赖再培训的情况下减轻对抗性威胁。通过重建输入数据和分析三种不同的重建误差，RADIANT有效地减少了对抗性扰动的影响。为了评估RADIANT的性能，我们使用了一个综合评估框架，将其与现实世界ICS数据上最先进的防御和未防御的基线分类器进行比较。评估包括在灰盒条件下进行的高级对抗性攻击，如HopSkipJump和零阶优化（ZOO）。在ZOO攻击期间，RADIANT获得了85.9%的F1分数，显著优于基线分类器的17.1%，并证明了其对对抗性威胁的鲁棒性。同样，在HopSkipJump攻击下，RADIANT保持了91.4%的F1得分，远远超过了基线的20.5%。此外，与基于对抗性训练的最先进的主动防御相比，RADIANT始终如一地提供了精度，召回率和整体稳健性的卓越平衡，所有这些都不需要对抗性再训练。这些结果突出了RADIANT的实用性和有效性，为ICS提供可靠的保护，同时应对日益复杂的“反洗钱”攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.