FASER-IN: Evasion of Network Intrusion Detection Systems in Industrial Networks
Shetty, Pranav; Meshram, Ankush
1; Karch, Markus 2; Haas, Christian 2; Tippenhauer, Nils Ole 3
1 Institut für Anthropomatik und Robotik (IAR), Karlsruher Institut für Technologie (KIT)
2 Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung (IOSB)
3 Helmholtz-Zentrum für Informationssicherheit (CISPA)
1; Karch, Markus 2; Haas, Christian 2; Tippenhauer, Nils Ole 31 Institut für Anthropomatik und Robotik (IAR), Karlsruher Institut für Technologie (KIT)
2 Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung (IOSB)
3 Helmholtz-Zentrum für Informationssicherheit (CISPA)
Abstract:
Industrial Control Systems (ICS) are critical to infrastructure sectors such as energy, manufacturing, and transportation. One of the primary security measures used in ICS are Network Intrusion Detection Systems (NIDS). Commercial NIDS for ICS use proprietary methods to detect attacks, and little research has been performed so far in their efficacy and resilience against manipulation.
In this work, we systematically analyze a common NIDS product for ICS. We identify how attacks and anomalies are detected by the NIDS, and systematically investigate whether attacker could avoid detection via evasion attacks. We design and implement a Framework for Adversarial Spoofing and Evasion of Rule-based ICS-NIDS (FASER-IN), which allows us to conduct evasion attacks, and test this against the NIDS. FASER-IN includes four main stages: dataset generation, surrogate model generation, adversarial example generation, and evasion attack execution. We execute the evasion attack by sending the adversarial examples crafted using our novel algorithm, AutoSpoofing, to both the surrogate model and the NIDS. We observe the Attack Success Rate for the surrogate model and the NIDS to be 69.57% and 56.52% respectively, highlighting the efficacy of AutoSpoofing attack. ... mehr
In this work, we systematically analyze a common NIDS product for ICS. We identify how attacks and anomalies are detected by the NIDS, and systematically investigate whether attacker could avoid detection via evasion attacks. We design and implement a Framework for Adversarial Spoofing and Evasion of Rule-based ICS-NIDS (FASER-IN), which allows us to conduct evasion attacks, and test this against the NIDS. FASER-IN includes four main stages: dataset generation, surrogate model generation, adversarial example generation, and evasion attack execution. We execute the evasion attack by sending the adversarial examples crafted using our novel algorithm, AutoSpoofing, to both the surrogate model and the NIDS. We observe the Attack Success Rate for the surrogate model and the NIDS to be 69.57% and 56.52% respectively, highlighting the efficacy of AutoSpoofing attack. ... mehr
| Zugehörige Institution(en) am KIT | Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung (IOSB) Institut für Anthropomatik und Robotik (IAR) Institut für Informationssicherheit und Verlässlichkeit (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 25.08.2025 |
| Sprache | Englisch |
| Identifikator | ISBN: 979-84-00-71413-9 KITopen-ID: 1000186326 |
| HGF-Programm | 46.23.04 (POF IV, LK 01) Engineering Security for Production Systems |
| Erschienen in | Proceedings of the 11th ACM Cyber-Physical System Security Workshop |
| Veranstaltung | 11th ACM Cyber-Physical System Security Workshop (CPSS 2025), Hanoi, Vietnam, 26.08.2025 |
| Verlag | Association for Computing Machinery (ACM) |
| Seiten | 87–102 |
| Nachgewiesen in | OpenAlex Dimensions Scopus |
| Globale Ziele für nachhaltige Entwicklung |