Konferenzbeitrag
Cybersecurity Testing for Industry 4.0: Enhancing Deployments in operational I&C systems Through Adversarial Testing and Explainable AI
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Zusatzinformation
Datum
2024
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Quelle
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
Several emerging technologies have substantially affected the scope and implementation of security testing. This includes the testing of cryptographic algorithm implementation, the security of Machine Learning (ML) and Artificial Intelligence (AI) algorithms, joint functional safety and security-related (IEC TR 63069) testing, security and privacy-related testing of big data and cloud
computing, e.g. with regard to de-identification. This paper focuses on the security ML and AI implementations, examining their integration in industrial control and nuclear systems (IEC 62443). Special attention is given to security threats considered throughout the AI system life cycle specifically at design phase. We assess the entirety of the secure development lifecycle, which
includes stages such as data and model management, risk assessment, and the enhancement of system robustness and resilience as specified by ISO/IEC 42001. To highlight the critical role of verification and validation (V&V), we conduct a proof-of-concept exploit targeted and gradual feature poisoning attack on a water treatment and distribution simulator fault detector. We achieve to demonstrate the impact of the attack on model robustness and performance through explainable metrics and pave the way for the development of a secure lifecycle framework, thereby increasing the chances of successful deployment.