Muhammad Azmi Umer

Abdul Mustafa, Muhammad Talha Khan, Muhammad Azmi Umer et al.

Machine learning (ML)-based intrusion detection systems (IDS) are vulnerable to adversarial attacks. It is crucial for an IDS to learn to recognize adversarial examples before malicious entities exploit them. In this paper, we generated adversarial samples using the Jacobian Saliency Map Attack (JSMA). We validate the generalization and scalability of the adversarial samples to tackle a broad range of real attacks on Industrial Control Systems (ICS). We evaluated the impact by assessing multiple attacks generated using the proposed method. The model trained with adversarial samples detected attacks with 95% accuracy on real-world attack data not used during training. The study was conducted using an operational secure water treatment (SWaT) testbed.

Muhammad Azmi Umer, Chuadhry Mujeeb Ahmed, Aditya Mathur et al.

This work focuses on validation of attack pattern mining in the context of Industrial Control System (ICS) security. A comprehensive security assessment of an ICS requires generating a large and variety of attack patterns. For this purpose we have proposed a data driven technique to generate attack patterns for an ICS. The proposed technique has been used to generate over 100,000 attack patterns from data gathered from an operational water treatment plant. In this work we present a detailed case study to validate the attack patterns.

Muhammad Azmi Umer, Khurum Nazir Junejo, Muhammad Taha Jilani et al.

Methods from machine learning are being applied to design Industrial Control Systems resilient to cyber-attacks. Such methods focus on two major areas: the detection of intrusions at the network-level using the information acquired through network packets, and detection of anomalies at the physical process level using data that represents the physical behavior of the system. This survey focuses on four types of methods from machine learning in use for intrusion and anomaly detection, namely, supervised, semi-supervised, unsupervised, and reinforcement learning. Literature available in the public domain was carefully selected, analyzed, and placed in a 7-dimensional space for ease of comparison. The survey is targeted at researchers, students, and practitioners. Challenges associated in using the methods and research gaps are identified and recommendations are made to fill the gaps.

Danish Hudani, Muhammad Haseeb, Muhammad Taufiq et al.

Cyber-Physical Systems (CPS) have gained popularity due to the increased requirements on their uninterrupted connectivity and process automation. Due to their connectivity over the network including intranet and internet, dependence on sensitive data, heterogeneous nature, and large-scale deployment, they are highly vulnerable to cyber-attacks. Cyber-attacks are performed by creating anomalies in the normal operation of the systems with a goal either to disrupt the operation or destroy the system completely. The study proposed here focuses on detecting those anomalies which could be the cause of cyber-attacks. This is achieved by deriving the rules that govern the physical behavior of a process within a plant. These rules are called Invariants. We have proposed a Data-Centric approach (DaC) to generate such invariants. The entire study was conducted using the operational data of a functional smart power grid which is also a living lab.

Muhammad Azmi Umer, Chuadhry Mujeeb Ahmed, Muhammad Taha Jilani et al.

Adversarial learning is used to test the robustness of machine learning algorithms under attack and create attacks that deceive the anomaly detection methods in Industrial Control System (ICS). Given that security assessment of an ICS demands that an exhaustive set of possible attack patterns is studied, in this work, we propose an association rule mining-based attack generation technique. The technique has been implemented using data from a secure Water Treatment plant. The proposed technique was able to generate more than 300,000 attack patterns constituting a vast majority of new attack vectors which were not seen before. Automatically generated attacks improve our understanding of the potential attacks and enable the design of robust attack detection techniques.