KIT | KIT-Bibliothek | Impressum | Datenschutz

FEVA-ICS: Benchmarking Adversarial Robustness of Machine Learning-based Intrusion Detection Systems in Industrial Control Systems

Ghosh, Madhurima 1; Meshram, Ankush ORCID iD icon 2; Karch, Markus 3; Haas, Christian 3; Zhang, Xiao 1; Singh, Mridula 1
1 Helmholtz-Zentrum für Informationssicherheit (CISPA)
2 Institut für Anthropomatik und Robotik (IAR), Karlsruher Institut für Technologie (KIT)
3 Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung (IOSB)

Abstract:

Machine Learning (ML)-based Intrusion Detection Systems (IDS) are increasingly proposed for deployment in Industrial Control Systems (ICS) to detect evolving and previously unseen attacks. However, ML models are vulnerable to adversarial examples, i.e., carefully crafted inputs that induce misclassification while remaining functionally valid and physically plausible. In safety-critical ICS environments, this vulnerability makes systematic robustness benchmarking essential prior to deployment.
In this paper, we introduce the Framework for Evasion and Validation for Industrial Control Systems (FEVA-ICS), a novel end-to-end benchmarking platform designed to assess ML-based IDS robustness in a realistic black-box setting. FEVA-ICS incorporates two attack strategies: (a) a query-based approach and (b) a surrogate model-based approach. In particular, we propose Correlation-Driven Feature Shift (CorrShift), a novel query-based adversarial attack tailored for ICS that preserves physical plausibility and temporal consistency. We also include surrogate-model transfer attacks using gradient-based methods, such as Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD).
... mehr


Verlagsausgabe §
DOI: 10.5445/IR/1000195111
Veröffentlicht am 09.07.2026
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Anthropomatik und Robotik (IAR)
Publikationstyp Proceedingsbeitrag
Publikationsmonat/-jahr 06.2026
Sprache Englisch
Identifikator ISBN: 979-8-4007-2313-1
KITopen-ID: 1000195111
HGF-Programm 46.23.04 (POF IV, LK 01) Engineering Security for Production Systems
Weitere HGF-Programme 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Erschienen in Proceedings of the 12th ACM Cyber-Physical System Security Workshop
Veranstaltung 12th ACM Cyber-Physical System Security Workshop (CPSS 2026), Bangalore, Indien, 01.06.2026 – 05.06.2026
Verlag Association for Computing Machinery (ACM)
Seiten 47–62
Serie CPSS ’26
Vorab online veröffentlicht am 31.05.2026
Externe Relationen Siehe auch
Nachgewiesen in Scopus
OpenAlex
KIT – Die Universität in der Helmholtz-Gemeinschaft
KITopen Landing Page