Detection of Adversarial Attacks Using Deep Learning and Features Extracted From Interpretability Methods in Industrial Scenarios
The adversarial training technique has been shown to improve the robustness of Machine Learning and Deep Learning models to adversarial attacks in the Computer Vision field. However, the effectiveness of this approach needs to be proven in the field of Anomaly Detection in industrial environments, w...
Main Authors: | Angel Luis Perales Gomez, Lorenzo Fernandez Maimo, Alberto Huertas Celdran, Felix J. Garcia Clemente |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2025-01-01 |
Series: | IEEE Access |
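Subjects: | Anomaly detection, adversarial attack, deep learning, explainable artificial intelligence, industrial control systems |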
Online Access: | https://ieeexplore.ieee.org/document/10819406/ |
_version_ | 1841556986808762368 |
---|---|
author | Angel Luis Perales Gomez, Lorenzo Fernandez Maimo, Alberto Huertas Celdran, Felix J. Garcia Clemente |
author_facet | Angel Luis Perales Gomez, Lorenzo Fernandez Maimo, Alberto Huertas Celdran, Felix J. Garcia Clemente |
author_sort | Angel Luis Perales Gomez |
collection | DOAJ |
description | The adversarial training technique has been shown to improve the robustness of Machine Learning and Deep Learning models to adversarial attacks in the Computer Vision field. However, the effectiveness of this approach needs to be proven in the field of Anomaly Detection in industrial environments, where adversarial training has critical limitations. First, the time to train the Anomaly Detection system is higher since adversarial samples need to be generated in each epoch. Second, the adversarial training blurs the decision border and, therefore, the performance of the Anomaly Detection system decreases. To solve these limitations, we propose a novel framework that can be deployed in constrained devices typically used in industrial scenarios. The framework relies on features extracted after applying interpretability methods to time-series data. These features will be used to train a new Deep Learning model that discriminates between adversarial and non-adversarial samples. We validated two configurations of the framework using two different industrial scenarios: the Tennessee Eastman Process (TEP) and Secure Water Treatment (SWaT). Next, we compared the results between our proposal and the approach using traditional adversarial training. Our proposal took significantly less time to be trained (around 42.5% and 90% less time for TEP and SWaT, respectively). Besides, after applying the adversarial training, we observed a downgrade of the F1-score of the Anomaly Detection system from 0.929 to 0.707 in the TEP scenario and from 0.972 to 0.923 for the SWaT scenario. Finally, we observed that our approach was slower than adversarial training in terms of evaluation time due to the intensive computation of features from interpretability methods. However, this did not prevent our approach from being used in real time to detect adversarial samples. |
format | Article |
id | doaj-art-05aaea76c4184c6286f33391047d885e |
institution | Kabale University |
issn | 2169-3536 |
language | English |
publishDate | 2025-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj-art-05aaea76c4184c6286f33391047d885e; 2025-01-07T00:02:21Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 2705; 2722; 10.1109/ACCESS.2024.3524996; 10819406; Detection of Adversarial Attacks Using Deep Learning and Features Extracted From Interpretability Methods in Industrial Scenarios; Angel Luis Perales Gomez [0] https://orcid.org/0000-0003-1004-881X; Lorenzo Fernandez Maimo [1] https://orcid.org/0000-0003-2027-4239; Alberto Huertas Celdran [2] https://orcid.org/0000-0001-7125-1710; Felix J. Garcia Clemente [3] https://orcid.org/0000-0001-6181-5033; [0] Departamento de Ingeniería y Tecnología de Computadores, University of Murcia, Murcia, Spain; [1] Departamento de Ingeniería y Tecnología de Computadores, University of Murcia, Murcia, Spain; [2] Communication Systems Group CSG, Department of Informatics IfI, University of Zurich (UZH), Zürich, Switzerland; [3] Departamento de Ingeniería y Tecnología de Computadores, University of Murcia, Murcia, Spain; The adversarial training technique has been shown to improve the robustness of Machine Learning and Deep Learning models to adversarial attacks in the Computer Vision field. However, the effectiveness of this approach needs to be proven in the field of Anomaly Detection in industrial environments, where adversarial training has critical limitations. First, the time to train the Anomaly Detection system is higher since adversarial samples need to be generated in each epoch. Second, the adversarial training blurs the decision border and, therefore, the performance of the Anomaly Detection system decreases. To solve these limitations, we propose a novel framework that can be deployed in constrained devices typically used in industrial scenarios. The framework relies on features extracted after applying interpretability methods to time-series data. These features will be used to train a new Deep Learning model that discriminates between adversarial and non-adversarial samples. We validated two configurations of the framework using two different industrial scenarios: the Tennessee Eastman Process (TEP) and Secure Water Treatment (SWaT). Next, we compared the results between our proposal and the approach using traditional adversarial training. Our proposal took significantly less time to be trained (around 42.5% and 90% less time for TEP and SWaT, respectively). Besides, after applying the adversarial training, we observed a downgrade of the F1-score of the Anomaly Detection system from 0.929 to 0.707 in the TEP scenario and from 0.972 to 0.923 for the SWaT scenario. Finally, we observed that our approach was slower than adversarial training in terms of evaluation time due to the intensive computation of features from interpretability methods. However, this did not prevent our approach from being used in real time to detect adversarial samples.; https://ieeexplore.ieee.org/document/10819406/; Anomaly detection; adversarial attack; deep learning; explainable artificial intelligence; industrial control systems |
title | Detection of Adversarial Attacks Using Deep Learning and Features Extracted From Interpretability Methods in Industrial Scenarios |
topic | Anomaly detection, adversarial attack, deep learning, explainable artificial intelligence, industrial control systems |
url | https://ieeexplore.ieee.org/document/10819406/ |