SAGE: Stealthy Attack GEneration

Citation Author(s):
Submitted by:
Jianjun Shi
Last updated:
Mon, 06/07/2021 - 11:08
0 ratings - Please login to submit your rating.


Cyber-physical systems (CPS) have been increasingly attacked by hackers. Recent studies have shown that CPS are especially vulnerable to insider attacks, in which case the attacker has full knowledge of the systems configuration. To better prevent such types of attacks, we need to understand how insider attacks are generated. Typically, there are three critical aspects for a successful insider attack: (i) Maximize damage, (ii) Avoid detection and (iii) Minimize the attack cost. In this paper we propose a “Stealthy Attack GEneration” (SAGE) framework by formulizing a novel optimization problem considering these three objectives and the physical constraints of the CPS. By adding small worst-case perturbations to the system, the SAGE attack can generate significant damage, while remaining undetected by the systems monitoring algorithms. The proposed methodology is evaluated on several anomaly detection algorithms. The results show that SAGE attacks can cause severe damage while staying undetected and keeping the cost of an attack low. Our method can be accessed in the supplementary material of this paper to aid researcher and practitioners in the design and development of resilient CPS and detection algorithms.


The folder structure should be set up as follows:

SAGE Supplementary Material:

   - Section 4.1 Image Case Studies

-Section 4.1.1 SSD Attack

           Note: Download the NEU Surface Defect dataset (NEU_surface_defect_database) and rename the images or put the images image_1.jpg,... in there

           main_SAGE attack_SSD.m contains a demo of the SSD attack

        -Section 4.2.2 CNN-LIME attack

           Note: Download the Annoation and Image folder from the NEU surface defect dataset and put it into the folder

           -join can train your own model with or use the provided LG_model.h5 to run 


   - Section 4.2 Hot Rolling Case Study

           -The csv files of section 4_2 contain the data with labels (normal/attack as 0/1) or the raw data respectively

           -Section_4_2_SAGE_attack_functional_curves.R is used for the attack

           -the scripts "method" are used to classify the presence of an attack