In recent years, a number of process-based anomaly detection schemes for Industrial Control Systems were proposed. In this work, we provide the first systematic analysis of such schemes, and introduce a taxonomy of properties that are verified by those detection systems. We then present a novel general framework to generate adversarial spoofing signals that violate physical properties of the system, and use the framework to analyze four anomaly detectors published at top security conferences. We find that three of those detectors are susceptible to a number of adversarial manipulations (e.g., spoofing with precomputed patterns), which we call Synthetic Sensor Spoofing and one is resilient against our attacks. We investigate the root of its resilience and demonstrate that it comes from the properties that we introduced. Our attacks reduce the Recall (True Positive Rate) of the attacked schemes making them not able to correctly detect anomalies. Thus, the vulnerabilities we discovered in the anomaly detectors show that (despite an original good detection performance), those detectors are not able to reliably learn physical properties of the system. Even attacks that prior work was expected to be resilient against (based on verified properties) were found to be successful. We argue that our findings demonstrate the need for both more complete attacks in datasets, and more critical analysis of process-based anomaly detectors. We plan to release our implementation as open-source, together with an extension of two public datasets with a set of Synthetic Sensor Spoofing attacks as generated by our framework.

翻译：近年来，针对工业控制系统提出了多种基于过程的异常检测方案。本研究首次系统性地分析了此类方案，并引入了一种用于验证检测系统所检验属性的分类方法。随后，我们提出了一种新颖的通用框架，用于生成违反系统物理属性的对抗性欺骗信号，并利用该框架分析了发表于顶级安全会议的四类异常检测器。研究发现，其中三个检测器容易受到多种对抗性操纵（例如使用预计算模式进行欺骗）——我们称之为合成传感器欺骗（Synthetic Sensor Spoofing），而一个检测器对我们的攻击展现出鲁棒性。通过探究其鲁棒性的根源，我们证明该特性源于我们所引入的属性分类。我们的攻击降低了被攻击方案的召回率（真阳性率），使其无法正确检测异常。因此，我们在异常检测器中发现的漏洞表明（尽管最初具有良好的检测性能），这些检测器无法可靠地学习系统的物理属性。即便先前研究预期（基于已验证属性）具有鲁棒性的攻击手段，也被证实具有有效性。研究表明，我们的发现凸显了数据集需要更完备的攻击手段，以及需对基于过程的异常检测器进行更批判性分析的必要性。我们计划将实现代码开源，同时补充两个公开数据集的扩展版本，其中包含由我们框架生成的一系列合成传感器欺骗攻击。