Adversarial feature generation for ML-based intrusion detection in the petrochemical industry

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-08-29 DOI:10.1016/j.jisa.2025.104215

Sardar Shan Ali Naqvi , Chunjie Zhou , Peihang Xu , Yahui Li , Jin Jiashu , Muhammad Uzair

{"title":"Adversarial feature generation for ML-based intrusion detection in the petrochemical industry","authors":"Sardar Shan Ali Naqvi , Chunjie Zhou , Peihang Xu , Yahui Li , Jin Jiashu , Muhammad Uzair","doi":"10.1016/j.jisa.2025.104215","DOIUrl":null,"url":null,"abstract":"<div><div>Machine learning-based intrusion detection systems (IDS) have been adopted widely to secure industrial control systems (ICS), including the petrochemical industry, against evolving cyber threats. However, recent studies show that these IDS are often ineffective against adversarial attacks. Therefore, in this study, we examine latent-space vulnerabilities in variational autoencoder (VAE)-based IDS by proposing an adversarial feature generation method, which manipulates the reconstructions of VAE and misclassifies intrusions as normal activity. By perturbing inputs to match latent representations with benign distributions, we demonstrate that VAEs are susceptible to evasion rates of 96% for Decision Tree (DT) and 100% for SVM classifiers, outperforming GAN-based attacks by 15% on a simulated fluid-catalytic cracking (FCC) dataset. Statistical validation using Wilcoxon test (<span><math><mrow><mi>p</mi><mo><</mo><mn>0</mn><mo>.</mo><mn>001</mn></mrow></math></span>) confirms that normalization processes linearly degrade reconstruction fidelity, exposing predictable adversarial dynamics. These findings emphasize the urgent need for adversarial training and compact latent-space designs to enhance the resilience of ML-based IDS in mission-critical petrochemical ICS.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104215"},"PeriodicalIF":3.7000,"publicationDate":"2025-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625002522","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Machine learning-based intrusion detection systems (IDS) have been adopted widely to secure industrial control systems (ICS), including the petrochemical industry, against evolving cyber threats. However, recent studies show that these IDS are often ineffective against adversarial attacks. Therefore, in this study, we examine latent-space vulnerabilities in variational autoencoder (VAE)-based IDS by proposing an adversarial feature generation method, which manipulates the reconstructions of VAE and misclassifies intrusions as normal activity. By perturbing inputs to match latent representations with benign distributions, we demonstrate that VAEs are susceptible to evasion rates of 96% for Decision Tree (DT) and 100% for SVM classifiers, outperforming GAN-based attacks by 15% on a simulated fluid-catalytic cracking (FCC) dataset. Statistical validation using Wilcoxon test (

p < 0.001

) confirms that normalization processes linearly degrade reconstruction fidelity, exposing predictable adversarial dynamics. These findings emphasize the urgent need for adversarial training and compact latent-space designs to enhance the resilience of ML-based IDS in mission-critical petrochemical ICS.

查看原文本刊更多论文

石化行业基于机器学习的入侵检测对抗特征生成

基于机器学习的入侵检测系统（IDS）已被广泛用于保护工业控制系统（ICS），包括石化行业，以抵御不断发展的网络威胁。然而，最近的研究表明，这些IDS通常对对抗性攻击无效。因此，在本研究中，我们通过提出一种对抗性特征生成方法来研究基于变分自编码器（VAE）的入侵检测系统的潜在空间漏洞，该方法操纵了VAE的重建，并将入侵错误地分类为正常活动。通过干扰输入以匹配潜在表征与良性分布，我们证明了vae对决策树（DT）和SVM分类器的逃避率分别为96%和100%，在模拟的流体催化裂化（FCC）数据集上，基于gan的攻击比基于gan的攻击高出15%。使用Wilcoxon检验（p<0.001）的统计验证证实，归一化过程线性降低了重建保真度，暴露出可预测的对抗动态。这些研究结果强调，迫切需要对抗性训练和紧凑的潜在空间设计，以增强关键任务石化ICS中基于ml的IDS的弹性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.