Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks

Industrial Control Systems (ICS) are responsible for the safety and operations of critical infrastructure such as power grids. Attacks on such systems threaten the well-being of societies, and the lives of human operators, and pose huge financial risks. To detect those attacks, process-aware attack detectors were proposed by academia and industry to verify inherent physical correlations. Such detectors will be trained by the vendors on process data from the target system, which allows malicious manipulations of the training process to later evade detection at runtime. Previously proposed attacks in this direction rely on detailed process knowledge to predict the exact attack features to be concealed. In this work, we show that even without process knowledge (i.e. being able to predict attack results), it is possible to launch training time attacks against such attack detectors. Our backdoor attacks achieve this by identifying 'alien' actuator state combinations that never occur in the training samples and injecting them with legitimate sensor data into the training set. At runtime, the attacker spoofs one of those alien actuator state combinations, which triggers (regardless of sensor values) the classification as 'normal'. To demonstrate this, we design and implement five backdoor attacks against autoencoder-based anomaly detectors for 14 attacks from the BATADAL dataset collection. Our evaluation shows that our best backdoor attack implementation can achieve perfect attack concealment and accomplish an average recall of 0.19. Compared to the performance of the detector for anomalies that are not concealed by inserted triggers, our attacks decrease the detector's recall by 0.477.