This paper explores a new cyber-attack vector targeting Industrial Control Systems (ICS), particularly focusing on water treatment facilities. Developing a new multi-agent Deep Reinforcement Learning (DRL) approach, adversaries craft stealthy, strategically timed, wear-out attacks designed to subtly degrade product quality and reduce the lifespan of field actuators. This sophisticated method leverages DRL methodology not only to execute precise and detrimental impacts on targeted infrastructure but also to evade detection by contemporary AI-driven defence systems. By developing and implementing tailored policies, the attackers ensure their hostile actions blend seamlessly with normal operational patterns, circumventing integrated security measures. Our research reveals the robustness of this attack strategy, shedding light on the potential for DRL models to be manipulated for adversarial purposes. Our research has been validated through testing and analysis in an industry-level setup.

Protecting sensitive data from theft, exfiltration, and other kinds of abuses by malicious insiders is a challenging problem. While access control mechanisms cannot always prevent the insiders from misusing sensitive data (since, in most of the cases, authorized users within organizations are granted access permissions), malicious outsiders also pose severe threats due to different security vulnerabilities in the systems, e.g., phishing attacks, memory corruptions, etc., which enable them to steal the credentials of the authorized users who have access to the data. To protect sensitive data from such attackers, anomaly detection techniques are often combined with other existing security measures, e.g., access control and encryption. An anomaly detection technique for identifying anomalies in file system accesses is based on the key idea that there should be significant differences between the file access behaviors of a benign user and an attacker. In this paper, we propose an approach to create fine-grained profiles of the users’ regular file access activities while extensively analyzing the timestamp information of the file accesses. According to our observation, even if a user’s access to a file seems benign, only a fine-grained analysis of the access (such as the size of access, the timestamp of access) can determine the original intention of the user. We exploit the users’ file access information at the block level to model their regular file access behaviors (user profiles) which are then securely stored and used for identifying anomalous file system accesses in the detection phase. We are also able to automatically profile new files and new users added to the system dynamically. Finally, our performance evaluations demonstrate that our proposed approach has an accuracy of 98.7% in detecting anomalies while incurring an overhead of only 2%.

At present, Bluetooth Low Energy (BLE) is dominantly used in commercially available Internet of Things (IoT) devices-such as smart watches, fitness trackers, and smart appliances. Compared to classic Bluetooth, BLE has been simplified in many ways that include its connection establishment, data exchange, and encryption processes. Unfortunately, this simplification comes at a cost. For example, only a star topology is supported in BLE environments and a peripheral (an IoT device) can communicate with only one gateway (e.g., a smartphone, or a BLE hub) at any given set time. When a peripheral goes out of range and thus loses connectivity to a gateway, it cannot connect and seamlessly communicate with another gateway without user interventions. In other words, BLE connections are not automatically migrated or handed-off to another gateway. In this paper, we propose SeamBlue¹, which brings secure seamless connectivity to BLE-capable mobile IoT devices in an environment that consists of a network of gateways. Our framework ensures that unmodified, commercial off-the-shelf BLE devices seamlessly and securely connect to a nearby gateway without any user intervention.