Breaching the Defense: Investigating FGSM and CTGAN Adversarial Attacks on IEC 60870-5-104 AI-enabled Intrusion Detection Systems

Abstract

In the digital age of the hyper-connected Critical Infrastructures (CIs), the role of the smart electrical grid is crucial, providing several benefits, such as improved grid resilience, efficient energy distribution and smart load and response management. However, despite the several advantages, the rapid evolution of the heterogeneous technologies involved in the smart electrical grid increases the attack surface. In this paper, we focus first our attention on how Artificial Intelligence (AI) can be used to protect the smart electrical grid in terms of detecting efficiently potential cyberattacks and anomalies. Secondly, we investigate how AI can be used to trick AI-enabled detection services, thus resulting in false alarms. In particular, we emphasise on cyberattacks against IEC 60870-5-104, an industrial communication protocol which is widely used in the energy domain. Therefore, a relevant AI-powered Intrusion Detection System (IDS) is provided, utilising strong Machine Learning (ML)/Deep Learning (DL) methods, such as Decision Tree, Random Forest, XGBOOST and deep MultiLayer Perceptron (MLP). On the other hand, we investigate how adversarial attacks can affect the detection performance of the previous IDS. For this purpose, the Fast Gradient Signed Method (FGSM) is examined, and a Conditional Tabular Generative Adversarial Network (CTGAN) adversarial attack generator is implemented. The evaluation results demonstrate the efficiency of the proposed IDS and the aforementioned adversarial attacks.