scholarly journals Industrial Anomaly Detection and Attack Classification Method Based on Convolutional Neural Network

2019 ◽  
Vol 2019 ◽  
pp. 1-11 ◽  
Author(s):  
Yingxu Lai ◽  
Jingwen Zhang ◽  
Zenghui Liu
Keyword(s):  
Neural Network ◽  
Deep Learning ◽  
Anomaly Detection ◽  
Convolutional Neural Network ◽  
Control Systems ◽  
Mapping Method ◽  
Learning Method ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada System

The massive use of information technology has brought certain security risks to the industrial production process. In recent years, cyber-physical attacks against industrial control systems have occurred frequently. Anomaly detection technology is an essential technical means to ensure the safety of industrial control systems. Considering the shortcomings of traditional methods and to facilitate the timely analysis and location of anomalies, this study proposes a solution based on the deep learning method for industrial traffic anomaly detection and attack classification. We use a convolutional neural network deep learning representation model as the detection model. The original one-dimensional data are mapped using the feature mapping method to make them suitable for model processing. The deep learning method can automatically extract critical features and achieve accurate attack classification. We performed a model evaluation using real network attack data from a supervisory control and data acquisition (SCADA) system. The experimental results showed that the proposed method met the anomaly detection and attack classification needs of a SCADA system. The proposed method also promotes the application of deep learning methods in industrial anomaly detection.

scholarly journals Behavior Based Anomaly Detection Model in SCADA System

2018 ◽  
Vol 173 ◽  
pp. 01011 ◽  
Author(s):  
Xiaojun Zhou ◽  
Zhen Xu ◽  
Liming Wang ◽  
Kai Chen ◽  
Cong Chen ◽  
...  
Keyword(s):  
Anomaly Detection ◽  
Control Systems ◽  
Supervisory Control ◽  
Industry 4.0 ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Detection Model ◽  
Scada System ◽  
Behavior Based ◽  
And Control

With the arrival of Industry 4.0, more and more industrial control systems are connected with the outside world, which brings tremendous convenience to industrial production and control, and also introduces many potential security hazards. After a large number of attack cases analysis, we found that attacks in SCADA systems can be divided into internal attacks and external attacks. Both types of attacks are inevitable. Traditional firewalls, IDSs and IPSs are no longer suitable for industrial control systems. Therefore, we propose behavior-based anomaly detection and build three baselines of normal behaviors. Experiments show that using our proposed detection model, we can quickly detect a variety of attacks on SCADA (Supervisory Control And Data Acquisition) systems.

scholarly journals MADICS: A Methodology for Anomaly Detection in Industrial Control Systems

Symmetry ◽  
2020 ◽  
Vol 12 (10) ◽  
pp. 1583
Author(s):  
Ángel Luis Perales Gómez ◽  
Lorenzo Fernández Maimó ◽  
Alberto Huertas Celdrán ◽  
Félix J. García Clemente
Keyword(s):  
Deep Learning ◽  
Water Treatment ◽  
Anomaly Detection ◽  
Control Systems ◽  
Learning Algorithms ◽  
Treatment Plant ◽  
Cyber Attacks ◽  
Fine Tuning ◽  
Industrial Control ◽  
Industrial Control Systems

Industrial Control Systems (ICSs) are widely used in critical infrastructures to support the essential services of society. Therefore, their protection against terrorist activities, natural disasters, and cyber threats is critical. Diverse cyber attack detection systems have been proposed over the years, in which each proposal has applied different steps and methods. However, there is a significant gap in the literature regarding methodologies to detect cyber attacks in ICS scenarios. The lack of such methodologies prevents researchers from being able to accurately compare proposals and results. In this work, we present a Methodology for Anomaly Detection in Industrial Control Systems (MADICS) to detect cyber attacks in ICS scenarios, which is intended to provide a guideline for future works in the field. MADICS is based on a semi-supervised anomaly detection paradigm and makes use of deep learning algorithms to model ICS behaviors. It consists of five main steps, focused on pre-processing the dataset to be used with the machine learning and deep learning algorithms; performing feature filtering to remove those features that do not meet the requirements; feature extraction processes to obtain higher order features; selecting, fine-tuning, and training the most appropriate model; and validating the model performance. In order to validate MADICS, we used the popular Secure Water Treatment (SWaT) dataset, which was collected from a fully operational water treatment plant. The experiments demonstrate that, using MADICS, we can achieve a state-of-the-art precision of 0.984 (as well as a recall of 0.750 and F1-score of 0.851), which is above the average of other works, proving that the proposed methodology is suitable for use in real ICS scenarios.

Detecting cyberattacks using anomaly detection in industrial control systems: A Federated Learning approach

2021 ◽  
Vol 132 ◽  
pp. 103509
Author(s):  
Truong Thu Huong ◽  
Ta Phuong Bac ◽  
Dao Minh Long ◽  
Tran Duc Luong ◽  
Nguyen Minh Dan ◽  
...  
Keyword(s):  
Anomaly Detection ◽  
Control Systems ◽  
Learning Approach ◽  
Industrial Control ◽  
Industrial Control Systems

scholarly journals Intrusion Detection for Industrial Control Systems Based on Open Set Artificial Neural Network

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Chao Wang ◽  
Bailing Wang ◽  
Yunxiao Sun ◽  
Yuliang Wei ◽  
Kai Wang ◽  
...  
Keyword(s):  
Neural Network ◽  
Artificial Neural Network ◽  
Intrusion Detection ◽  
Control Systems ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Open Set ◽  
The Neural Network ◽  
Center Loss ◽  
Artificial Neural

The security of industrial control systems (ICSs) has received a lot of attention in recent years. ICSs were once closed networks. But with the development of IT technologies, ICSs have become connected to the Internet, increasing the potential of cyberattacks. Because ICSs are so tightly linked to human lives, any harm to them could have disastrous implications. As a technique of providing protection, many intrusion detection system (IDS) studies have been conducted. However, because of the complicated network environment and rising means of attack, it is difficult to cover all attack classes, most of the existing classification techniques are hard to deploy in a real environment since they cannot deal with the open set problem. We propose a novel artificial neural network based-methodology to solve this problem. Our suggested method can classify known classes while also detecting unknown classes. We conduct research from two points of view. On the one hand, we use the openmax layer instead of the traditional softmax layer. Openmax overcomes the limitations of softmax, allowing neural networks to detect unknown attack classes. During training, on the other hand, a new loss function termed center loss is implemented to improve detection ability. The neural network model learns better feature representations with the combined supervision of center loss and softmax loss. We evaluate the neural network on NF-BoT-IoT-v2 and Gas Pipeline datasets. The experiments show our proposed method is comparable with the state-of-the-art algorithm in terms of detecting unknown classes. But our method has a better overall classification performance.

Sign in / Sign up

Export Citation Format

Share Document