Enhancing Adversarial Robustness of Anomaly Detection-Based IDS in OT Environments

The increasing use of deep learning approaches, particularly generative models such as autoencoders (AEs), as Intrusion Detection Systems (IDS) in cybersecurity, introduces vulnerabilities to adversarial attacks. These attacks involve small, malicious perturbations to input data that can deceive the system, disguising attacks as normal behavior. In this paper, we investigate the susceptibility of an AEbased IDS deployed in an Operational Technology (OT) environment, specifically a water distribution system. We explore various defense strategies to enhance model robustness against adversarial attacks, focusing on increasing the minimal perturbation required to evade detection. Our study examines both adversarial training and sensitivitybased training, comparing their effectiveness in hardening the system against adversarial attacks with different number of features available to the attacker (100%, 75%, 50%, 25%, 2%). Results show that while both methods have improved the robustness of the model architecture for some scenarios, no method shows clear improvement on all experiments. This work highlights the importance of adversarial robustness in critical infrastructure protection and provides insights into defense mechanisms for enhancing the security of AEbased IDS systems.