Adversarial Attacks on Supervised Energy-Based Anomaly Detection in Clean Water Systems

Moradpoor, Naghmeh; Abah, Ezra; Robles-Durazno, Andres; Maglaras, Leandros

Abstract

Critical National Infrastructure includes large networks such as telecommunications, transportation, health services, police, nuclear power plants, and utilities like clean water, gas, and electricity. The protection of these infrastructures is crucial, as nations depend on their operation and stability. However, cyberattacks on such systems appear to be increasing in both frequency and severity. Various machine learning approaches have been employed for anomaly detection in Critical National Infrastructure, given their success in identifying both known and unknown attacks with high accuracy. Nevertheless, these systems are vulnerable to adversarial attacks. Hackers can manipulate the system and deceive the models, causing them to misclassify malicious events as benign, and vice versa. This paper evaluates the robustness of traditional machine learning techniques, such as Support Vector Machines (SVMs) and Logistic Regression (LR), as well as Artificial Neural Network (ANN) algorithms against adversarial attacks, using a novel dataset captured from a model of a clean water treatment system. Our methodology includes four attack categories: random label flipping, targeted label flipping, the Fast Gradient Sign Method (FGSM), and Jacobian-based Saliency Map Attack (JSMA). Our results show that, while some machine learning algorithms are more robust to adversarial attacks than others, a hacker can manipulate the dataset using these attack categories to disturb the machine learning-based anomaly detection system, allowing the attack to evade detection.

Citation

Moradpoor, N., Abah, E., Robles-Durazno, A., & Maglaras, L. (2025). Adversarial Attacks on Supervised Energy-Based Anomaly Detection in Clean Water Systems. Electronics, 14(3), Article 639. https://doi.org/10.3390/electronics14030639

Journal Article Type: Article
Acceptance Date: Jan 30, 2025
Online Publication Date: Feb 6, 2025
Publication Date: 2025
Deposit Date: Jan 30, 2025
Publicly Available Date: Feb 6, 2025
Journal: Electronics
Electronic ISSN: 2079-9292
Publisher: MDPI
Peer Reviewed: Peer Reviewed
Volume: 14
Issue: 3
Article Number: 639
DOI: https://doi.org/10.3390/electronics14030639
Keywords: Adversarial attacks; machine learning; critical national infrastructure protection; industrial control system security; clean water treatment systems; anomaly detection
Public URL: http://researchrepository.napier.ac.uk/Output/4064406
