Skip to main content

Hardening Deep Neural Networks in Condition Monitoring Systems against Adversarial Example Attacks

  • 2133 Accesses

Part of the Technologien für die intelligente Automation book series (TIA,volume 13)


Condition monitoring systems based on deep neural networks are used for system failure detection in cyber-physical production systems. However, deep neural networks are vulnerable to attacks with adversarial examples. Adversarial examples are manipulated inputs, e.g. sensor signals, are able to mislead a deep neural network into misclassification. A consequence of such an attack may be the manipulation of the physical production process of a cyber-physical production system without being recognized by the condition monitoring system. This can result in a serious threat for production systems and employees. This work introduces an approach named CyberProtect to prevent misclassification caused by adversarial example attacks. The approach generates adversarial examples for retraining a deep neural network which results in a hardened variant of the deep neural network. The hardened deep neural network sustains a significant better classification rate (82% compared to 20%) while under attack with adversarial examples, as shown by empirical results.


  1. J. Otto, B. Vogel-Heuser, and O. Niggemann. Online parameter estimation for cyber-physical production systems based on mixed integer nonlinear rogramming, process mining and black-box optimization techniques. at-Automatisierungstechnik, 66(4):331–343, 2018.

    Google Scholar 

  2. G. Reinhart, S. Krug, S. Huttner, Z. Mari, F. Riedelbauch, and M. Schlogel. Automatic configuration (plug & produce) of industrial ethernet networks. In Proc. 9th IEEE/IAS International Conference on Industry Applications (INDUSCON), pages 1–6, Sao Paulo, Brazil, nov 2010.

    Google Scholar 

  3. J. Otto, B. Vogel-Heuser, and O. Niggemann. Automatic parameter estimation for reusable software components of modular and reconfigurable cyber-physical production systems in the domain of discrete manufacturing. IEEE Transactions on Industrial Informatics, 14(1):275–282, 2018.

    Google Scholar 

  4. L. Monostori, B. K´ad´ar, T. Bauernhansl, S. Kondoh, S. Kumara, G. Reinhart, O. Sauer, G. Schuh, W. Sihn, and K. Ueda. Cyber-physical systems in manufacturing. International Academy for Production Engineering Annals, 65(2):621–641, 2016.

    Google Scholar 

  5. D. Hossain, G. Capi, M. Jindai, and S. Kaneko. Pick-place of dynamic objects by robot manipulator based on deep learning and easy user interface teaching systems. Industrial Robot: the international journal of robotics research and application, 44(1):11–20, 2017.

    Google Scholar 

  6. S. Jeschke, C. Brecher, T. Meisen, D. ¨ Ozdemir, and T. Eschert. Industrial internet of things and cyber manufacturing systems, pages 3–19. Springer International Publishing, 2017.

    Google Scholar 

  7. C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus. Intriguing properties of neural networks. In Proc. of the 2nd International Conference on Learning Representations (ICLR), Banff, Canada, apr 2014.

    Google Scholar 

  8. K. Stouffer, J. Falco, and K. Scarfone. Guide to industrial control systems (ics) security. NIST special publication, 800(82):16, 2011.

    Google Scholar 

  9. I. Goodfellow, J. Shlens, and C. Szegedy. Explaining and harnessing adversarial examples. In Proc. of the 3rd International Conference on Learning Representations (ICLR), San Diego, USA, may 2015.

    Google Scholar 

  10. N. Carlini and D. Wagner. Towards evaluating the robustness of neural networks. In Proc. of the 38th IEEE Symposium on Security and Privacy (SP), pages 39–57, San Jose, USA, may 2017.

    Google Scholar 

  11. Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083, 2017.

  12. N. Papernot, P. McDaniel, and I. Goodfellow. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. Computing Research Repository (CoRR), abs/1605.07277, 2016.

    Google Scholar 

  13. N. Papernot and P. McDaniel. On the effectiveness of defensive distillation. Computing Research Repository (CoRR), abs/1607.05113, 2016.

    Google Scholar 

  14. W. Xu, D. Evans, and Y. Qi. Feature squeezing: Detecting adversarial examples in deep neural networks. Computing Research Repository (CoRR), abs/1704.01155, 2017.

    Google Scholar 

  15. M. McCann and A. Johnston. Uci ml repository secom dataset, 2008. [Online; accessed 2018-02-05].

    Google Scholar 

  16. M. Abadi et al. Tensorflow: A system for large-scale machine learning. In Proc. of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), volume 16, pages 265–283, Savannah, USA, nov 2016.

    Google Scholar 

  17. DP. Kingma and J. Ba. Adam: A method for stochastic optimization. Computing Research Repository (CoRR), abs/1412.6980, 2014.

    Google Scholar 

  18. I. Goodfellow, N. Papernot, and P. McDaniel. cleverhans v2.0.0.: an adversarial machine learning library. Computing Research Repository (CoRR), abs/1610.00768, 2016.

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Felix Specht .

Editor information

Editors and Affiliations

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and Permissions

Copyright information

© 2021 The Author(s)

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Specht, F., Otto, J. (2021). Hardening Deep Neural Networks in Condition Monitoring Systems against Adversarial Example Attacks. In: Beyerer, J., Maier, A., Niggemann, O. (eds) Machine Learning for Cyber Physical Systems. Technologien für die intelligente Automation, vol 13. Springer Vieweg, Berlin, Heidelberg.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer Vieweg, Berlin, Heidelberg

  • Print ISBN: 978-3-662-62745-7

  • Online ISBN: 978-3-662-62746-4

  • eBook Packages: EngineeringEngineering (R0)