G-VAE: Variational autoencoder-based adversarial attacks and defenses in industrial control systems

Abstract

The industrial control domain is increasingly focused on addressing the cybersecurity challenges posed by adversarial sample attacks. A key difficulty in such attacks on industrial control systems (ICS) is the failure to account for the complex dependencies among various features, making it challenging to learn the relationships between multiple sensors and establish constraints for representing multidimensional data in this domain. Additionally, defending against adversarial samples is hindered by the existence of multiple detection methods and the challenge of creating a defense model without being aware of adversarial samples beforehand. To tackle these challenges, this paper proposes a gated recurrent unit (GRU)-based variational autoencoder (VAE) method for both attacking and defending against adversarial samples. Our approach involves training a GRU model to understand the intrinsic interactions among sensors and then adding perturbations to generate adversarial samples that adhere to feature constraints. On the defense side, we introduce a VAE Feature Weight (VAE-FW) method, which operates without explicit information about the adversarial samples. To make sure that characteristics with the worst prediction outcomes do not dominate anomaly scores in VAE-FW, we equalize the prediction errors across various features. Experiments conducted on three real-world sensor datasets demonstrate that our adversarial attack method significantly enhances attack efficiency while confirming its effectiveness. Furthermore, our defense method, VAE-FW, detects anomalies with greater accuracy than current baseline anomaly detection methods, achieving an average increase of 28.8% in AUC values.