RADIANT: Reactive Autoencoder Defense for Industrial Adversarial Network Threats

Abstract

Machine learning-based Intrusion Detection Systems (IDS) have significantly enhanced operational efficiency in Industrial Control Systems (ICS), but they face a growing threat from Adversarial Machine Learning (AML) attacks. These attacks exploit vulnerabilities in IDS, leading to delayed threat detection, infrastructure compromise, financial losses, and service disruptions. Traditional approaches, such as adversarial retraining, are not only resource-intensive but also suffer from limited generalization, as they rely on training models with specific adversarial samples. Given the constantly evolving nature of adversarial attacks, it is impractical to train on all possible attack variations, leaving systems vulnerable to new and unforeseen threats. To address these limitations, this paper introduces Reactive Autoencoder Defense for Industrial Adversarial Network Threats (RADIANT), a novel IDS that mitigates adversarial threats without relying on retraining. By reconstructing input data and analyzing three distinct reconstruction errors, RADIANT effectively reduces the impact of adversarial perturbations. To evaluate RADIANT’s performance, we used a comprehensive assessment framework that compared it against state-of-the-art defenses and undefended baseline classifiers on real-world ICS data. The evaluation included advanced adversarial attacks, such as HopSkipJump and Zeroth-Order Optimization (ZOO), conducted under gray-box conditions. During ZOO attacks, RADIANT achieved an F1 score of 85.9%, significantly outperforming the baseline classifier’s 17.1% and demonstrating its robustness against adversarial threats. Similarly, under HopSkipJump attacks, RADIANT maintained a strong F1 score of 91.4%, far exceeding the baseline’s 20.5%. Additionally, when compared to state-of-the-art proactive defenses based on adversarial training, RADIANT consistently delivered a superior balance of precision, recall, and overall robustness, all without the need for adversarial retraining. These results highlight RADIANT’s practicality and effectiveness, offering reliable protection for ICS while addressing the increasing sophistication of AML attacks.