Practical Evaluation of Poisoning Attacks on Online Anomaly Detectors in Industrial Control Systems

Moshe Kravchik, Luca Demetrio, Battista Biggio, Asaf Shabtai

Research output: Contribution to journalArticlepeer-review

5 Scopus citations


Recently, neural networks (NNs) have been proposed for the detection of cyber attacks targeting industrial control systems (ICSs). Such detectors are often retrained, using data collected during system operation, to cope with the evolution of the monitored signals over time. However, by exploiting this mechanism, an attacker can fake the signals provided by corrupted sensors at training time and poison the learning process of the detector to allow cyber attacks to stay undetected at test time. Previous work explored the ability to generate adversarial samples that fool anomaly detection models in ICSs but without compromising their training process. With this research, we are the first to demonstrate such poisoning attacks on ICS cyber attack online detectors based on neural networks. We propose two distinct attack algorithms, namely, interpolation- and back-gradient-based poisoning, and demonstrate their effectiveness. The evaluation is conducted on diverse data sources: synthetic data, real-world ICS testbed data, and a simulation of the Tennessee Eastman process. This first practical evaluation of poisoning attacks using a simulation tool highlights the challenges of poisoning dynamically controlled systems. The generality of the proposed methods under different NN parameters and architectures is studied. Lastly, we propose and analyze some potential mitigation strategies.

Original languageEnglish
Article number102901
JournalComputers and Security
StatePublished - 1 Nov 2022


  • Adversarial machine learning
  • Adversarial robustness
  • Anomaly detection
  • Autoencoders
  • Industrial control systems
  • Poisoning attacks

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Practical Evaluation of Poisoning Attacks on Online Anomaly Detectors in Industrial Control Systems'. Together they form a unique fingerprint.

Cite this