Generation of Adversarial Examples to Prevent Misclassification of Deep Neural Network based Condition Monitoring Systems for Cyber-Physical Production Systems

Deep neural network based condition monitoring systems are used to detect system failures of cyber-physical production systems. However, one vulnerability of deep neural networks is adversarial examples: manipulated inputs, e.g. process data, crafted to mislead a deep neural network into misclassification. Adversarial example attacks can manipulate the physical production process of a cyber-physical production system without being recognized by the condition monitoring system. Manipulation of the physical process poses a serious threat to production systems and employees. This paper introduces CyberProtect, a novel approach to prevent misclassification caused by adversarial example attacks. CyberProtect generates adversarial examples and uses them to retrain deep neural networks. The result is a hardened deep neural network with a significantly reduced misclassification rate. Empirical results show that the proposed countermeasure increases the classification rate under attack from 20% to 82%.
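The hardening loop the abstract describes, as an added example that is not the paper's CyberProtect code: a linear condition-monitoring classifier is trained on constructed process data (one strong fault channel plus 30 weak, noisy channels), FGSM adversarial examples are generated against the current model in every epoch and folded into retraining, and white-box adversarial accuracy is compared before and after. The data layout, the perturbation budget, the training schedule and all function names are assumptions made for the example; the linear model stands in for the paper's deep network so that the whole experiment runs offline in plain Python.

```python
"""Adversarial training for a condition-monitoring classifier.

Added example, not the paper's implementation. The "process data" is
constructed: channel 0 is a strong fault indicator, channels 1..K_WEAK
are weakly informative and noisy. The classifier is logistic regression,
the attack is FGSM (one-step L_inf), and hardening retrains on clean
plus adversarial inputs each epoch. All names and constants are assumptions.
"""
import math
import random

K_WEAK = 30   # number of weak sensor channels (assumption)
EPS = 0.5     # L_inf perturbation budget of the attacker (assumption)


def make_process_data(n, seed):
    """Constructed sample set; label +1 = fault, -1 = normal operation."""
    rng = random.Random(seed)
    data = []
    for i in range(n):
        y = 1 if i % 2 == 0 else -1
        x = [y * 1.0 + rng.uniform(-0.05, 0.05)]                       # strong channel
        x += [y * 0.2 + rng.uniform(-0.3, 0.3) for _ in range(K_WEAK)]  # weak channels
        data.append((x, y))
    return data


def sigmoid(z):
    """Numerically stable logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def logit(model, x):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def fgsm(model, x, y, eps):
    """Fast gradient sign attack: x + eps * sign(d loss / d x).

    For the logistic loss, d loss / d x = -sigmoid(-y * logit) * y * w,
    so each channel is pushed by eps against the weight's contribution
    to the true class."""
    w, _ = model
    s = sigmoid(-y * logit(model, x))
    grad_x = [-s * y * wi for wi in w]
    return [xi + eps * (1 if g > 0 else -1 if g < 0 else 0)
            for xi, g in zip(x, grad_x)]


def train(data, epochs=200, lr=0.5, eps=None):
    """Full-batch gradient descent on the logistic loss.

    eps=None: plain training on clean data (the baseline).
    eps set : each epoch also trains on FGSM examples generated against
              the model as it currently is (adversarial retraining)."""
    dim = len(data[0][0])
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        batch = list(data)
        if eps is not None:
            batch += [(fgsm((w, b), x, y, eps), y) for x, y in data]
        gw, gb = [0.0] * dim, 0.0
        for x, y in batch:
            s = sigmoid(-y * logit((w, b), x))   # d loss / d logit, times -y
            for j in range(dim):
                gw[j] -= s * y * x[j]
            gb -= s * y
        n = len(batch)
        w = [wj - lr * g / n for wj, g in zip(w, gw)]
        b -= lr * gb / n
    return (w, b)


def accuracy(model, data, eps=None):
    """Clean accuracy, or white-box adversarial accuracy when eps is set:
    every test point is first attacked with FGSM against this model."""
    correct = 0
    for x, y in data:
        if eps is not None:
            x = fgsm(model, x, y, eps)
        correct += int((logit(model, x) > 0) == (y > 0))
    return correct / len(data)


def run_experiment():
    """Baseline vs. hardened model, clean and under attack, on held-out data."""
    train_set = make_process_data(200, seed=7)
    test_set = make_process_data(200, seed=11)
    baseline = train(train_set)
    hardened = train(train_set, eps=EPS)
    return {
        "baseline_clean": accuracy(baseline, test_set),
        "baseline_adv": accuracy(baseline, test_set, EPS),
        "hardened_clean": accuracy(hardened, test_set),
        "hardened_adv": accuracy(hardened, test_set, EPS),
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:15s} {value:.2f}")
```

The baseline spreads its weight over the weak channels, so a budget of EPS on every channel at once flips nearly every test point, while the retrained model learns to lean on the channel that the attacker cannot move far enough and keeps its accuracy under the same attack. One caveat to carry over to the deep-network setting: for a linear model FGSM is the exact worst-case L_inf perturbation, so the adversarial accuracy measured here is a true robustness figure; for a deep network it is not, and a model retrained only on FGSM examples should be re-evaluated with an iterative attack such as PGD before its reported misclassification rate is trusted, since single-step adversarial training is known to produce models that resist FGSM but not stronger attacks.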
