Machine Learning for Intrusion Detection in Industrial Control Systems:
Applications, Challenges, and Recommendations
- URL: http://arxiv.org/abs/2202.11917v1
- Date: Thu, 24 Feb 2022 06:11:45 GMT
- Title: Machine Learning for Intrusion Detection in Industrial Control Systems:
Applications, Challenges, and Recommendations
- Authors: Muhammad Azmi Umer, Khurum Nazir Junejo, Muhammad Taha Jilani, Aditya
P. Mathur
- Abstract summary: Methods from machine learning are being applied to design Industrial Control Systems resilient to cyber-attacks.
This survey focuses on four types of methods from machine learning in use for intrusion and anomaly detection.
- Score: 6.7318392467856025
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Methods from machine learning are being applied to design Industrial Control
Systems resilient to cyber-attacks. Such methods focus on two major areas: the
detection of intrusions at the network-level using the information acquired
through network packets, and detection of anomalies at the physical process
level using data that represents the physical behavior of the system. This
survey focuses on four types of methods from machine learning in use for
intrusion and anomaly detection, namely, supervised, semi-supervised,
unsupervised, and reinforcement learning. Literature available in the public
domain was carefully selected, analyzed, and placed in a 7-dimensional space
for ease of comparison. The survey is targeted at researchers, students, and
practitioners. Challenges associated with using the methods and research gaps are
identified and recommendations are made to fill the gaps.
Related papers
- Underwater Object Detection in the Era of Artificial Intelligence: Current, Challenge, and Future [119.88454942558485]
Underwater object detection (UOD) aims to identify and localise objects in underwater images or videos.
In recent years, artificial intelligence (AI) based methods, especially deep learning methods, have shown promising performance in UOD.
arXiv Detail & Related papers (2024-10-08T00:25:33Z)
- Enhancing Automata Learning with Statistical Machine Learning: A Network Security Case Study [4.2751988244805466]
In this paper, we use automata learning to derive state machines from network-traffic data.
We apply our approach to a commercial network intrusion detection system developed by our industry partner, RabbitRun Technologies.
Our approach results in an average 67.5% reduction in the number of states and transitions of the learned state machines.
arXiv Detail & Related papers (2024-05-18T02:10:41Z)
- Interactive System-wise Anomaly Detection [66.3766756452743]
Anomaly detection plays a fundamental role in various applications.
It is challenging for existing methods to handle the scenarios where the instances are systems whose characteristics are not readily observed as data.
We develop an end-to-end approach which includes an encoder-decoder module that learns system embeddings.
arXiv Detail & Related papers (2023-04-21T02:20:24Z)
- Adversarial Machine Learning In Network Intrusion Detection Domain: A Systematic Review [0.0]
It has been found that deep learning models are vulnerable to data instances that can mislead the model to make incorrect classification decisions.
This survey explores the research that employs different aspects of adversarial machine learning in the area of network intrusion detection.
arXiv Detail & Related papers (2021-12-06T19:10:23Z)
- Weakly Supervised Object Localization and Detection: A Survey [145.5041117184952]
Weakly supervised object localization and detection plays an important role for developing new generation computer vision systems.
We review (1) classic models, (2) approaches with feature representations from off-the-shelf deep networks, (3) approaches solely based on deep learning, and (4) publicly available datasets and standard evaluation metrics that are widely used in this field.
We discuss the key challenges in this field, development history of this field, advantages/disadvantages of the methods in each category, relationships between methods in different categories, applications of the weakly supervised object localization and detection methods, and potential future directions to further promote the development of this research field.
arXiv Detail & Related papers (2021-04-16T06:44:50Z)
- Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs.
Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
arXiv Detail & Related papers (2021-01-28T16:38:26Z)
- Smart Anomaly Detection in Sensor Systems: A Multi-Perspective Review [0.0]
Anomaly detection is concerned with identifying data patterns that deviate remarkably from the expected behaviour.
This is an important research problem, due to its broad set of application domains, from data analysis to e-health, cybersecurity, predictive maintenance, fault prevention, and industrial automation.
We review state-of-the-art methods that may be employed to detect anomalies in the specific area of sensor systems.
arXiv Detail & Related papers (2020-10-27T09:56:16Z)
- Machine Learning Applications in Misuse and Anomaly Detection [0.0]
Machine learning and data mining algorithms play important roles in designing intrusion detection systems.
Based on their approaches toward the detection of attacks in a network, intrusion detection systems can be broadly categorized into two types.
In the misuse detection systems, an attack in a system is detected whenever the sequence of activities in the network matches with a known attack signature.
In the anomaly detection approach, on the other hand, anomalous states in a system are identified based on a significant difference in the state transitions of the system from its normal states.
arXiv Detail & Related papers (2020-09-10T19:52:00Z)
- AutoOD: Automated Outlier Detection via Curiosity-guided Search and Self-imitation Learning [72.99415402575886]
Outlier detection is an important data mining task with numerous practical applications.
We propose AutoOD, an automated outlier detection framework, which aims to search for an optimal neural network model.
Experimental results on various real-world benchmark datasets demonstrate that the deep model identified by AutoOD achieves the best performance.
arXiv Detail & Related papers (2020-06-19T18:57:51Z)
- Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
We discuss the techniques used for the capture, preparation and transformation of the data, as well as the data mining and evaluation methods.
As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
arXiv Detail & Related papers (2020-01-27T11:21:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.