This paper explores a new cyber-attack vector targeting Industrial Control Systems (ICS), particularly focusing on water treatment facilities. Developing a new multi-agent Deep Reinforcement Learning (DRL) approach, adversaries craft stealthy, strategically timed, wear-out attacks designed to subtly degrade product quality and reduce the lifespan of field actuators. This sophisticated method leverages DRL methodology not only to execute precise and detrimental impacts on targeted infrastructure but also to evade detection by contemporary AI-driven defence systems. By developing and implementing tailored policies, the attackers ensure their hostile actions blend seamlessly with normal operational patterns, circumventing integrated security measures. Our research reveals the robustness of this attack strategy, shedding light on the potential for DRL models to be manipulated for adversarial purposes. Our research has been validated through testing and analysis in an industry-level setup. For reproducibility and further study, all related materials, including datasets and documentation, are publicly accessible.
翻译:本文探讨了一种针对工业控制系统的新型网络攻击向量,特别聚焦于水处理设施。通过开发一种新型多智能体深度强化学习方法,攻击者能够设计出隐蔽、策略性定时且具有损耗效应的攻击,旨在微妙地降低产品质量并缩短现场执行器的使用寿命。这种复杂方法不仅利用DRL方法对目标基础设施执行精确且有害的影响,还能规避当代AI驱动防御系统的检测。通过制定并实施定制化策略,攻击者确保其恶意行为能够与正常操作模式无缝融合,从而规避集成安全措施。本研究揭示了该攻击策略的鲁棒性,阐明了DRL模型可能被操纵用于对抗性目的的潜在风险。我们的研究已通过工业级测试环境中的验证与分析得到证实。为支持可重复性研究与进一步探索,所有相关材料(包括数据集与文档)均已公开。