A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP

Electronics, 2019, Vol 8 (12), pp. 1545
Author(s): Wenbin Yu, Yiyin Wang, Lei Song

Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually being applied in industrial control systems (ICSs) with the development of information technology. It breaks the natural isolation of an ICS but contains no security mechanisms. An improved intrusion detection system (IDS), strongly correlated to specific industrial scenarios, is therefore necessary for modern ICSs. On one hand, this paper outlines three kinds of attack models: infiltration attacks, creative forging attacks, and false data injection attacks. On the other hand, a two stage IDS is proposed, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, based on the autoregressive integrated moving average (ARIMA), forecasts the traffic of the ICS network in the short term and detects infiltration attacks precisely from abnormal changes in traffic patterns. The anomaly detection model, using a one class support vector machine (OCSVM), detects malicious control instructions by analyzing the key field in Ethernet/IP packets. The confusion matrix is used to verify the effectiveness of the proposed method, and two other innovative IDSs are used for comparison. The experimental results show that the proposed two stage IDS has outstanding performance in detecting infiltration attacks, forging attacks, and false data injection attacks compared with the other IDSs.

Author(s): Wenbin Yu, Yiyin Wang, Lei Song

Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually being applied in industrial control systems (ICSs) with the development of information technology. It breaks the natural isolation of an ICS but contains no security mechanism. A modified intrusion detection system (IDS), strongly correlated to the specific industrial scenario, is necessary for modern ICSs. On the one hand, this paper outlines attack models, including infiltration attacks and our creative forging attack. On the other hand, we propose a hierarchical IDS, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, based on the autoregressive integrated moving average (ARIMA), forecasts the traffic of the ICS network in the short term and precisely detects infiltration attacks from abnormal changes in the traffic pattern. The anomaly detection model, using a one-class support vector machine (OCSVM), detects malicious control instructions by analyzing the key field in EtherNet/IP packets. The experimental results show that the hierarchical IDS has outstanding performance in detecting infiltration attacks and the forging attack compared with two other innovative IDSs.


Author(s): Iqbal H. Sarker, Yoosef B. Abushark, Fawaz Alsolami, Asif Irshad Khan

Cyber security has recently received enormous attention due to the popularity of the Internet-of-Things (IoT), the tremendous growth of computer networks, and the huge number of relevant applications. Thus, detecting various cyber-attacks or anomalies in a network and building an effective intrusion detection system, which plays an essential role in today's security, is becoming more important. Artificial intelligence, particularly machine learning techniques, can be used to build such a data-driven intelligent intrusion detection system. To achieve this goal, in this paper we present an Intrusion Detection Tree ("IntruDTree") machine-learning-based security model that first ranks security features according to their importance and then builds a tree-based generalized intrusion detection model on the selected important features. This model is not only effective in terms of prediction accuracy for unseen test cases but also minimizes the computational complexity of the model by reducing the feature dimensions. Finally, the effectiveness of our IntruDTree model was examined by conducting experiments on cybersecurity datasets and computing precision, recall, F-score, accuracy, and ROC values for evaluation. We also compare the results of the IntruDTree model with several traditional popular machine learning methods, such as the naive Bayes classifier, logistic regression, support vector machines, and k-nearest neighbor, to analyze the effectiveness of the resulting security model.


2014, Vol 644-650, pp. 3338-3341
Author(s): Guang Feng Guo

During the 30-year development of intrusion detection systems, problems such as a high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM establishes a knowledge base of the intrusion detection ontology, which serves as the center of an efficient filtering platform for false alerts, to realize automatic validation of alarms and autonomous judgment of real attacks, so as to filter out non-relevant positive alerts and reduce false positives.


Author(s): Tarek Helmy

A system that monitors the events occurring in a computer system or a network and analyzes them for signs of intrusion is known as an intrusion detection system. The performance of an intrusion detection system can be improved by combining anomaly and misuse analysis. This chapter proposes an ensemble multi-agent-based intrusion detection model. The proposed model combines anomaly, misuse, and host-based detection analysis. The agents in the proposed model use rules to check for intrusions and adopt machine learning algorithms to recognize unknown actions and to update or create new rules automatically. Each agent in the proposed model encapsulates a specific classification technique and gives its belief about any packet event in the network. These agents collaborate to decide about any event, have the ability to generalize, and can detect novel attacks. Empirical results indicate that the proposed model is efficient and outperforms other intrusion detection models.


2014, Vol 926-930, pp. 3157-3160
Author(s): Zhan Huang, Yu Ying Jiang, Lu Bin Li

The main purpose of a computer intrusion detection system is to accurately distinguish between self and non-self. A novel intrusion detection model based on the ARTIS model is proposed by introducing the Red Flower (RF) and Green Leaf (GL) concepts and by the coordinated use of RF variable-length and GL fixed-length detectors. The intrusion detection methods are optimized to ensure quick detection of abnormal behaviors, making the model more suitable for real-time intrusion detection and more accurate in distinguishing between self and non-self.


2021, Vol 1 (1), pp. 61-74
Author(s): Sohrab Mokhtari, Kang K Yen

Anomaly detection strategies in industrial control systems mainly investigate the transmitted network traffic, in what is called a network intrusion detection system. The measurement intrusion detection system, however, inspects the sensor data integrated into the supervisory control and data acquisition center to find any abnormal behavior. One approach to detecting anomalies in the measurement data is training supervised learning models that learn to classify normal and abnormal data. But a labeled dataset consisting of abnormal behavior, such as attacks or malfunctions, is extremely hard to obtain. Therefore, an unsupervised learning strategy, which does not require labeled data for training, can help tackle this problem. This study evaluates the performance of unsupervised learning strategies in anomaly detection using measurement data in control systems. The most accurate algorithms are selected to train unsupervised learning models, and the results show an accuracy of 98% in stealthy attack detection.


2021, pp. 210-216
Author(s): Mustafa Altaha, Jae-Myeong Lee, Muhammad Aslam, Sugwon Hong

The intrusion detection system (IDS) is the main tool for security monitoring, which is one of the security strategies for the supervisory control and data acquisition (SCADA) system. In this paper, we develop an IDS based on the autoencoder deep learning model (AE-IDS) for the SCADA system. The target SCADA communication protocol of the detection model is the Distributed Network Protocol 3 (DNP3), currently the most commonly used communication protocol in power substations. The cyberattacks we consider are data injection or modification attacks, which are the most critical attacks on SCADA systems. We extract 17 data features from DNP3 communication and use them to train the autoencoder network. We measure the accuracy and loss of detection and compare them with different supervised deep learning algorithms. The unsupervised AE-IDS model shows better performance than the other deep learning IDS models.

