{"title":"RADIANT: Reactive Autoencoder Defense for Industrial Adversarial Network Threats","authors":"Irfan Khan, Syed Wali, Yasir Ali Farrukh","doi":"10.1016/j.cose.2025.104403","DOIUrl":null,"url":null,"abstract":"<div><div>Machine learning-based Intrusion Detection Systems (IDS) have significantly enhanced operational efficiency in Industrial Control Systems (ICS), but they face a growing threat from Adversarial Machine Learning (AML) attacks. These attacks exploit vulnerabilities in IDS, leading to delayed threat detection, infrastructure compromise, financial losses, and service disruptions. Traditional approaches, such as adversarial retraining, are not only resource-intensive but also suffer from limited generalization, as they rely on training models with specific adversarial samples. Given the constantly evolving nature of adversarial attacks, it is impractical to train on all possible attack variations, leaving systems vulnerable to new and unforeseen threats. To address these limitations, this paper introduces Reactive Autoencoder Defense for Industrial Adversarial Network Threats (RADIANT), a novel IDS that mitigates adversarial threats without relying on retraining. By reconstructing input data and analyzing three distinct reconstruction errors, RADIANT effectively reduces the impact of adversarial perturbations. To evaluate RADIANT’s performance, we used a comprehensive assessment framework that compared it against state-of-the-art defenses and undefended baseline classifiers on real-world ICS data. The evaluation included advanced adversarial attacks, such as HopSkipJump and Zeroth-Order Optimization (ZOO), conducted under gray-box conditions. During ZOO attacks, RADIANT achieved an F1 score of 85.9%, significantly outperforming the baseline classifier’s 17.1% and demonstrating its robustness against adversarial threats. Similarly, under HopSkipJump attacks, RADIANT maintained a strong F1 score of 91.4%, far exceeding the baseline’s 20.5%. Additionally, when compared to state-of-the-art proactive defenses based on adversarial training, RADIANT consistently delivered a superior balance of precision, recall, and overall robustness, all without the need for adversarial retraining. These results highlight RADIANT’s practicality and effectiveness, offering reliable protection for ICS while addressing the increasing sophistication of AML attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104403"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000926","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Machine learning-based Intrusion Detection Systems (IDS) have significantly enhanced operational efficiency in Industrial Control Systems (ICS), but they face a growing threat from Adversarial Machine Learning (AML) attacks. These attacks exploit vulnerabilities in IDS, leading to delayed threat detection, infrastructure compromise, financial losses, and service disruptions. Traditional approaches, such as adversarial retraining, are not only resource-intensive but also suffer from limited generalization, as they rely on training models with specific adversarial samples. Given the constantly evolving nature of adversarial attacks, it is impractical to train on all possible attack variations, leaving systems vulnerable to new and unforeseen threats. To address these limitations, this paper introduces Reactive Autoencoder Defense for Industrial Adversarial Network Threats (RADIANT), a novel IDS that mitigates adversarial threats without relying on retraining. By reconstructing input data and analyzing three distinct reconstruction errors, RADIANT effectively reduces the impact of adversarial perturbations. To evaluate RADIANT’s performance, we used a comprehensive assessment framework that compared it against state-of-the-art defenses and undefended baseline classifiers on real-world ICS data. The evaluation included advanced adversarial attacks, such as HopSkipJump and Zeroth-Order Optimization (ZOO), conducted under gray-box conditions. During ZOO attacks, RADIANT achieved an F1 score of 85.9%, significantly outperforming the baseline classifier’s 17.1% and demonstrating its robustness against adversarial threats. Similarly, under HopSkipJump attacks, RADIANT maintained a strong F1 score of 91.4%, far exceeding the baseline’s 20.5%. Additionally, when compared to state-of-the-art proactive defenses based on adversarial training, RADIANT consistently delivered a superior balance of precision, recall, and overall robustness, all without the need for adversarial retraining. These results highlight RADIANT’s practicality and effectiveness, offering reliable protection for ICS while addressing the increasing sophistication of AML attacks.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.