Adversarial sample attacks and defenses based on LSTM-ED in industrial control systems

The challenge faced by industrial control systems is that they are vulnerable to adversarial sample attacks. In the ICS field, the challenge with adversarial sample attacks is that the adversarial samples generated by the attack do not conform to protocol specifications. The challenge of adversarial sample defense is that it is difficult to design a defense model without information about the adversarial samples. To tackle these challenges, we propose an adversarial sample attack and defense method based on Long Short -Term Memory Networks based Encoder -Decoder (LSTM-ED). The objectives are to address challenges of adversarial samples not conforming to protocol specifications and physical meaning, inefficient generation of adversarial samples, and the difficulty of designing a defense model without information about adversarial samples. Our adversarial sample attack efficiently generates samples conforming to protocol specifications and physical meaning by adding perturbation values to sensors and actuators, while complying with feature constraints. Subsequently, we introduce an LSTMED Feature Weight defense method (LSTM-FWED) designed without explicit adversarial sample information. In LSTM-FWED, we normalize reconstruction errors across different features to prevent anomaly scores from being influenced by poorly predicted features, thereby ensuring robust defense results. We validate the effectiveness of our approach on a real -world critical infrastructure testbed. The proposed adversarial sample attack reduces the precision of the LSTM-ED model by an average of 66.26%, with a maximum adversarial sample generation time of 18 seconds, significantly improving attack efficiency. Furthermore, in comprehensive experiments, LSTMFWED demonstrates an average AUC improvement of 21.83% compared to state-of-the-art anomaly detection baseline methods.