Edinburgh Napier University

  The protection of Critical National Infrastructure is extremely important due to nations being dependent on their operation and steadiness. Any disturbance to this infrastructure could have a devastating consequence on physical security, economic wellbeing, and public health and safety. To deal with the growing number of attacks, with differing degrees of impact against such systems, various machine learning-based Intrusion Detection Systems have been employed given their success in the automated detection of known and unknown cyberattacks with high degrees of accuracy. However, since machine learning models are susceptible to attacks, also known as Adversarial Machine Learning, employing such Intrusion Detection Systems has also created an additional attack vector which could potentially help hackers to evade detection. This paper explores the robustness of both traditional and non-traditional supervised machine learning algorithms by studying their classification behaviour under adversarial attacks. This includes machine learning algorithms such as Support Vector Machine, Logistic Regression, and Deep Learning models, such as Artificial Neural Network. Additionally, this contains adversarial machine learning attacks such as random & targeted label flipping, Fast Gradient Sign Method, and Jacobian Saliency Map Attack. A genuine dataset captured from a model of a clean water treatment system was used to support the experiments presented in this paper. Overall, the adversarial attacks were successful to decrease the classification performance of the machine learning algorithms but with varying degrees of influence. For example, the targeted label flipping has a stronger impact on the classification performance reduction compared with the random label flipping attacks. Additionally, Deep Learning model and Support Vector Machine both show longer fight against the adversarial attacks compared with Logistic Regression.