Machine Learning-Based Early Intrusion Detection System in Industrial LAN Networks Using Honeypots

Author(s):  
Abbasgholi Pashaei ◽  
Mohammad Esmaeil Esmaeil Akbari ◽  
Mina Zolfy Lighvan ◽  
Asghar Charmin

Abstract: The emergence of industrial cyberinfrastructures, the development of information communication technology in industrial fields, and the remote accessibility of automated Industrial Control Systems (ICS) lead to various cyberattacks on industrial networks and Supervisory Control and Data Acquisition (SCADA) networks. The development of ICS industry-specific cybersecurity mechanisms can reduce the vulnerability of systems to fire, explosion, human accidents, environmental damage, and financial loss. Given that vulnerabilities are the points of penetration into industrial systems, and that threats are organized and intrusions into industrial systems occur using these weaknesses, it is essential to continuously improve the security of the networks of industrial control facilities. Traditional intrusion detection systems have been shown to be sluggish and prone to false positives. As a result, these algorithms' performance and speed must be improved. This paper proposes a novel Honeypot-enhanced industrial Early Intrusion Detection System (EIDS) incorporated with Machine Learning (ML) algorithms. The proposed scheme collects data from all sensors of the Honeypot and industrial devices in the industrial control network, stores it in the database of EIDS, and analyses it using expert ML algorithms. The designed system for early intrusion detection can protect industrial systems against vulnerabilities by alerting in the shortest possible time using online data mining in the EIDS database. The results show that the proposed EIDS detects anomalous behavior of the data with a high detection rate, low false positives, and better classification accuracy.

2013 ◽  
Vol 7 (4) ◽  
pp. 37-52
Author(s):  
Srinivasa K G

The increase in the number of network-based transactions for both personal and professional use has made network security gain a significant and indispensable status. The possible attacks that an Intrusion Detection System (IDS) has to tackle can be of an existing type or of an entirely new type. The challenge for researchers is to develop an intelligent IDS which can detect new attacks as efficiently as it detects known ones. Intrusion Detection Systems are rendered intelligent by employing machine learning techniques. In this paper we present a statistical machine learning approach to the IDS using the Support Vector Machine (SVM). Unlike conventional SVMs, this paper describes a multi-model approach which makes use of an extra layer over the existing SVM. The network traffic is modeled into connections based on protocols at various network layers. These connection statistics are given as input to the SVM, which in turn plots each input vector. The new attacks are identified by plotting them with respect to the trained system. The experimental results demonstrate the lower execution time of the proposed system with high detection rate and low false positive number. The 1999 DARPA IDS dataset is used as the evaluation dataset for both training and testing. The proposed system, SVM NIDS, is benchmarked with SNORT (Roesch, M. 1999), an open source IDS.


Author(s):  
Nadia Burkart ◽  
Maximilian Franz ◽  
Marco F. Huber

Abstract: Machine learning and deep learning are widely used in various applications to assist or even replace human reasoning. For instance, a machine learning based intrusion detection system (IDS) monitors a network for malicious activity or specific policy violations. We propose that IDSs should attach a sufficiently understandable report to each alert to allow the operator to review them more efficiently. This work aims at complementing an IDS by means of a framework to create explanations. The explanations support the human operator in understanding alerts and reveal potential false positives. The focus lies on counterfactual instances and explanations based on locally faithful decision-boundaries.


2018 ◽  
Vol 4 (8) ◽  
pp. 6
Author(s):  
Apoorva Deshpande

Today, intrusion detection using neural networks is an interesting and considerable area for the research community. Computational intelligence systems are defined on the basis of the following parameters: fault tolerance and adaptation, adaptable to the requirements of making a better intrusion detection model. This paper provides an overview of the research progress in applying computational intelligence to the problem of intrusion detection. The goal of this paper is to summarize and compare research contributions on intrusion detection systems using computational intelligence and neural networks, and to define existing research challenges and anticipated solutions of machine learning. Research showed that the application of machine learning techniques in intrusion detection could achieve a high detection rate. Machine learning and classification algorithms help to design "Intrusion Detection Models" which can classify network traffic into intrusive or normal traffic. This paper discusses some commonly used machine learning techniques in Intrusion Detection Systems and also reviews some of the existing machine learning IDSs proposed by researchers at different times.


Electronics ◽  
2021 ◽  
Vol 10 (4) ◽  
pp. 407 ◽  
Author(s):  
Sohrab Mokhtari ◽  
Alireza Abbaspour ◽  
Kang K. Yen ◽  
Arman Sargolzaei

Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed a novel solution to this problem based on measurement data in the supervisory control and data acquisition (SCADA) system. The proposed approach is called measurement intrusion detection system (MIDS), which enables the system to detect any abnormal activity in the system even if the attacker tries to conceal it in the system’s control layer. A supervised machine learning model is generated to classify normal and abnormal activities in an ICS to evaluate the MIDS performance. A hardware-in-the-loop (HIL) testbed is developed to simulate the power generation units and exploit the attack dataset. In the proposed approach, we applied several machine learning models on the dataset, which show remarkable performances in detecting the dataset’s anomalies, especially stealthy attacks. The results show that the random forest is performing better than other classifier algorithms in detecting anomalies based on measured data in the testbed.


Author(s):  
Akshat Runwal

Abstract: Attacks on computer infrastructures are becoming an increasingly serious issue. The problem is ubiquitous and we need a reliable system to prevent it. An anomaly detection-based network intrusion detection system is vital to any security framework within a computer network. Existing intrusion detection systems have a high detection rate but they also have mendacious alert rates. With the use of Machine Learning, we can implement an efficient and reliable model for intrusion detection and stop some of the hazardous attacks in the network. This paper focuses on a detailed study of the NSL-KDD dataset after extracting some of the relevant records; several experiments have then been performed and evaluated to assess various machine learning classifiers based on the dataset. The implemented experiments demonstrated that the Random Forest classifier has achieved the highest average accuracy and has outperformed the other models in various evaluations.

Keywords: Intrusion Detection System, Anomaly Detection, Machine Learning, Random Forest, Network Security


2021 ◽  
pp. 103741
Author(s):  
Dhanke Jyoti Atul ◽  
Dr. R. Kamalraj ◽  
Dr. G. Ramesh ◽  
K. Sakthidasan Sankaran ◽  
Sudhir Sharma ◽  
...  
