scholarly journals Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information

Author(s):  
Moojan Pordelkhaki ◽  
Shereen Fouad ◽  
Mark Josephs
Electronics ◽  
2021 ◽  
Vol 10 (4) ◽  
pp. 407 ◽  
Author(s):  
Sohrab Mokhtari ◽  
Alireza Abbaspour ◽  
Kang K. Yen ◽  
Arman Sargolzaei

Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed a novel solution to this problem based on measurement data in the supervisory control and data acquisition (SCADA) system. The proposed approach is called measurement intrusion detection system (MIDS), which enables the system to detect any abnormal activity in the system even if the attacker tries to conceal it in the system’s control layer. A supervised machine learning model is generated to classify normal and abnormal activities in an ICS to evaluate the MIDS performance. A hardware-in-the-loop (HIL) testbed is developed to simulate the power generation units and exploit the attack dataset. In the proposed approach, we applied several machine learning models on the dataset, which show remarkable performances in detecting the dataset’s anomalies, especially stealthy attacks. The results show that the random forest is performing better than other classifier algorithms in detecting anomalies based on measured data in the testbed.


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Chao Wang ◽  
Bailing Wang ◽  
Yunxiao Sun ◽  
Yuliang Wei ◽  
Kai Wang ◽  
...  

The security of industrial control systems (ICSs) has received a lot of attention in recent years. ICSs were once closed networks. But with the development of IT technologies, ICSs have become connected to the Internet, increasing the potential of cyberattacks. Because ICSs are so tightly linked to human lives, any harm to them could have disastrous implications. As a technique of providing protection, many intrusion detection system (IDS) studies have been conducted. However, because of the complicated network environment and rising means of attack, it is difficult to cover all attack classes, most of the existing classification techniques are hard to deploy in a real environment since they cannot deal with the open set problem. We propose a novel artificial neural network based-methodology to solve this problem. Our suggested method can classify known classes while also detecting unknown classes. We conduct research from two points of view. On the one hand, we use the openmax layer instead of the traditional softmax layer. Openmax overcomes the limitations of softmax, allowing neural networks to detect unknown attack classes. During training, on the other hand, a new loss function termed center loss is implemented to improve detection ability. The neural network model learns better feature representations with the combined supervision of center loss and softmax loss. We evaluate the neural network on NF-BoT-IoT-v2 and Gas Pipeline datasets. The experiments show our proposed method is comparable with the state-of-the-art algorithm in terms of detecting unknown classes. But our method has a better overall classification performance.


2017 ◽  
Vol 13 (2/3) ◽  
pp. 206 ◽  
Author(s):  
Estefanía Etchevés Miciolino ◽  
Dario Di Noto ◽  
Federico Griscioli ◽  
Maurizio Pizzonia ◽  
Jörg Kippe ◽  
...  

2019 ◽  
Vol 2019 ◽  
pp. 1-11 ◽  
Author(s):  
Ankang Chu ◽  
Yingxu Lai ◽  
Jing Liu

Intrusion detection is essential for ensuring the security of industrial control systems. However, conventional intrusion detection approaches are unable to cope with the complexity and ever-changing nature of industrial intrusion attacks. In this study, we propose an industrial control intrusion detection approach based on a combined deep learning model for communication processes that use the Modbus protocol. Initially, the network packets are classified as carrying information and noncarrying information based on key fields according to the communication protocol used. Next, a template comparison approach is employed to detect the network packets that do not carry any information. Furthermore, an approach based on a GoogLeNet-long short-term memory model is used to detect the network packets that do carry information. This approach involves network packet sequence construction, feature extraction, and time-series level detection. Subsequently, the detected intrusions are classified into multiple categories through a Softmax classifier. A gas pipeline dataset of the Modbus protocol is used to evaluate the proposed approach and compare it with existing strategies. The accuracy, false-positive rate, and miss rate are 97.56%, 2.42%, and 2.51%, respectively, thus confirming that the proposed approach is suitable for intrusion detection in industrial control systems.


Sign in / Sign up

Export Citation Format

Share Document