Adversarial Attack Detection in Industrial Control Systems Using LSTM-Based Intrusion Detection and Black-Box Defense Strategies
Motaz Abdulaziz Almedires; Ahmed Elkhalil; Mohammed Amin
Published: 2025/05/05
Abstract
In industrial control systems (ICS), neural networks are increasingly being used to detect intrusions. The term ICS refers to a group of control technologies and associated equipment, including the devices, systems, networks, and controllers used to manage and/or execute manufacturing processes. Each ICS is developed to successfully handle work digitally and operates differently depending on the business. ICS devices and procedures are now found in practically every industry sector and key infrastructure, including production, transportation, power, and treatment plants. To avoid detection, attackers who aim to inflict harm on an ICS may resort to techniques such as adversarial examples to mask their attacks. ICS-based autoregressive intrusion detection systems (IDSs) are the focus of this study because of the unique issues that arise when they are attacked. The attacker here targets an LSTM-based IDS and can compromise a subset of an ICS's sensors. In the wild, cyber-physical attacks on ICSs are masked from the IDS by the attacker manipulating the data provided to it. Automation of ICS intrusion detection has become more flexible and efficient thanks to the growth and use of IDSs based on machine learning. Adversarial machine learning (AML), a term coined to describe cyberattacks on learning models, has developed in response to the advent of the IDS. In ICSs, such attacks can have disastrous repercussions if the IDS is bypassed. Delay in attack detection could lead to damage to infrastructure, financial loss, and even loss of human life. In this study we propose a defense method that has been effective in combating adversarial threats to ICSs and in assessing adversarial attacks successfully in real-world circumstances. We propose a security solution, an IDS that can detect an adversarial attack on the industrial control system.
In this study we were able to detect a black-box attack by conducting a DDoS attack scenario trained by a black-box adversarial attack in the ICS environment, and we used data from an ICS to train a classification model and test its ability to detect cyber intrusions in a similar context using an IDS.
How to Cite the Article
Almedires, M. A., Elkhalil, A., & Amin, M. (2025). Adversarial Attack Detection in Industrial Control Systems Using LSTM-Based Intrusion Detection and Black-Box Defense Strategies. Journal of Cyber Security and Risk Auditing, 2025(3), 4–22. https://doi.org/10.63180/jcsra.thestap.2025.3.2
Adversarial Attack Detection in Industrial Control Systems Using LSTM-Based Intrusion Detection and Black-Box Defense Strategies is licensed under CC BY 4.0