Abstract
Condition monitoring systems based on deep neural networks are used for system failure detection in cyber-physical production systems. However, deep neural networks are vulnerable to attacks with adversarial examples. Adversarial examples are manipulated inputs, e.g. sensor signals, are able to mislead a deep neural network into misclassification. A consequence of such an attack may be the manipulation of the physical production process of a cyber-physical production system without being recognized by the condition monitoring system. This can result in a serious threat for production systems and employees. This work introduces an approach named CyberProtect to prevent misclassification caused by adversarial example attacks. The approach generates adversarial examples for retraining a deep neural network which results in a hardened variant of the deep neural network. The hardened deep neural network sustains a significant better classification rate (82% compared to 20%) while under attack with adversarial examples, as shown by empirical results.
Chapter PDF
Similar content being viewed by others
References
J. Otto, B. Vogel-Heuser, and O. Niggemann. Online parameter estimation for cyber-physical production systems based on mixed integer nonlinear rogramming, process mining and black-box optimization techniques. at-Automatisierungstechnik, 66(4):331–343, 2018.
G. Reinhart, S. Krug, S. Huttner, Z. Mari, F. Riedelbauch, and M. Schlogel. Automatic configuration (plug & produce) of industrial ethernet networks. In Proc. 9th IEEE/IAS International Conference on Industry Applications (INDUSCON), pages 1–6, Sao Paulo, Brazil, nov 2010.
J. Otto, B. Vogel-Heuser, and O. Niggemann. Automatic parameter estimation for reusable software components of modular and reconfigurable cyber-physical production systems in the domain of discrete manufacturing. IEEE Transactions on Industrial Informatics, 14(1):275–282, 2018.
L. Monostori, B. K´ad´ar, T. Bauernhansl, S. Kondoh, S. Kumara, G. Reinhart, O. Sauer, G. Schuh, W. Sihn, and K. Ueda. Cyber-physical systems in manufacturing. International Academy for Production Engineering Annals, 65(2):621–641, 2016.
D. Hossain, G. Capi, M. Jindai, and S. Kaneko. Pick-place of dynamic objects by robot manipulator based on deep learning and easy user interface teaching systems. Industrial Robot: the international journal of robotics research and application, 44(1):11–20, 2017.
S. Jeschke, C. Brecher, T. Meisen, D. ¨ Ozdemir, and T. Eschert. Industrial internet of things and cyber manufacturing systems, pages 3–19. Springer International Publishing, 2017.
C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus. Intriguing properties of neural networks. In Proc. of the 2nd International Conference on Learning Representations (ICLR), Banff, Canada, apr 2014.
K. Stouffer, J. Falco, and K. Scarfone. Guide to industrial control systems (ics) security. NIST special publication, 800(82):16, 2011.
I. Goodfellow, J. Shlens, and C. Szegedy. Explaining and harnessing adversarial examples. In Proc. of the 3rd International Conference on Learning Representations (ICLR), San Diego, USA, may 2015.
N. Carlini and D. Wagner. Towards evaluating the robustness of neural networks. In Proc. of the 38th IEEE Symposium on Security and Privacy (SP), pages 39–57, San Jose, USA, may 2017.
Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083, 2017.
N. Papernot, P. McDaniel, and I. Goodfellow. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. Computing Research Repository (CoRR), abs/1605.07277, 2016.
N. Papernot and P. McDaniel. On the effectiveness of defensive distillation. Computing Research Repository (CoRR), abs/1607.05113, 2016.
W. Xu, D. Evans, and Y. Qi. Feature squeezing: Detecting adversarial examples in deep neural networks. Computing Research Repository (CoRR), abs/1704.01155, 2017.
M. McCann and A. Johnston. Uci ml repository secom dataset, 2008. [Online; accessed 2018-02-05].
M. Abadi et al. Tensorflow: A system for large-scale machine learning. In Proc. of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), volume 16, pages 265–283, Savannah, USA, nov 2016.
DP. Kingma and J. Ba. Adam: A method for stochastic optimization. Computing Research Repository (CoRR), abs/1412.6980, 2014.
I. Goodfellow, N. Papernot, and P. McDaniel. cleverhans v2.0.0.: an adversarial machine learning library. Computing Research Repository (CoRR), abs/1610.00768, 2016.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2021 The Author(s)
About this paper
Cite this paper
Specht, F., Otto, J. (2021). Hardening Deep Neural Networks in Condition Monitoring Systems against Adversarial Example Attacks. In: Beyerer, J., Maier, A., Niggemann, O. (eds) Machine Learning for Cyber Physical Systems. Technologien für die intelligente Automation, vol 13. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-62746-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-662-62746-4_11
Published:
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-62745-7
Online ISBN: 978-3-662-62746-4
eBook Packages: EngineeringEngineering (R0)