Related papers: An Approach to Abstract Multi-stage Cyberattack Data Generation for ML-Based IDS in Smart Grids

An Approach to Abstract Multi-stage Cyberattack Data Generation for ML-Based IDS in Smart Grids

URL: http://arxiv.org/abs/2312.13737v1
Date: Thu, 21 Dec 2023 11:07:51 GMT
Title: An Approach to Abstract Multi-stage Cyberattack Data Generation for ML-Based IDS in Smart Grids
Authors: Ömer Sen, Philipp Malskorn, Simon Glomb, Immanuel Hacker, Martin Henze, Andreas Ulbig,
Abstract summary: We propose a method to generate synthetic data using a graph-based approach for training machine learning models in smart grids. We use an abstract form of multi-stage cyberattacks defined via graph formulations and simulate the propagation behavior of attacks in the network.
Score: 2.5655761752240505
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Power grids are becoming more digitized, resulting in new opportunities for the grid operation but also new challenges, such as new threats from the cyber-domain. To address these challenges, cybersecurity solutions are being considered in the form of preventive, detective, and reactive measures. Machine learning-based intrusion detection systems are used as part of detection efforts to detect and defend against cyberattacks. However, training and testing data for these systems are often not available or suitable for use in machine learning models for detecting multi-stage cyberattacks in smart grids. In this paper, we propose a method to generate synthetic data using a graph-based approach for training machine learning models in smart grids. We use an abstract form of multi-stage cyberattacks defined via graph formulations and simulate the propagation behavior of attacks in the network. Within the selected scenarios, we observed promising results, but a larger number of scenarios need to be studied to draw a more informed conclusion about the suitability of synthesized data.

Related papers

CARACAS: vehiCular ArchitectuRe for detAiled Can Attacks Simulation [37.89720165358964]
This paper showcases CARACAS, a vehicular model, including component control via CAN messages and attack injection capabilities. CarACAS showcases the efficacy of this methodology, including a Battery Electric Vehicle (BEV) model, and focuses on attacks targeting torque control in two distinct scenarios.
arXiv Detail & Related papers (2024-06-11T10:16:55Z)
Redefining DDoS Attack Detection Using A Dual-Space Prototypical Network-Based Approach [38.38311259444761]
We introduce a new deep learning-based technique for detecting DDoS attacks. We propose a new dual-space prototypical network that leverages a unique dual-space loss function. This approach capitalizes on the strengths of representation learning within the latent space.
arXiv Detail & Related papers (2024-06-04T03:22:52Z)
Anticipated Network Surveillance -- An extrapolated study to predict cyber-attacks using Machine Learning and Data Analytics [0.0]
This paper discusses a novel technique to predict an upcoming attack in a network based on several data parameters. The proposed model comprises dataset pre-processing, and training, followed by the testing phase. Based on the results of the testing phase, the best model is selected using which, event class which may lead to an attack is extracted.
arXiv Detail & Related papers (2023-12-27T01:09:11Z)
MEAOD: Model Extraction Attack against Object Detectors [45.817537875368956]
Model extraction attacks allow attackers to replicate a substitute model with comparable functionality to the victim model. We propose an effective attack method called MEAOD for object detection models. We achieve an extraction performance of over 70% under the given condition of a 10k query budget.
arXiv Detail & Related papers (2023-12-22T13:28:50Z)
Investigation of Multi-stage Attack and Defense Simulation for Data Synthesis [2.479074862022315]
This study proposes a model for generating synthetic data of multi-stage cyber attacks in the power grid. It uses attack trees to model the attacker's sequence of steps and a game-theoretic approach to incorporate the defender's actions.
arXiv Detail & Related papers (2023-12-21T09:54:18Z)
A Variational Autoencoder Framework for Robust, Physics-Informed Cyberattack Recognition in Industrial Cyber-Physical Systems [2.051548207330147]
We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on industrial control systems. The framework has a hybrid design that combines a variational autoencoder (VAE), a recurrent neural network (RNN), and a Deep Neural Network (DNN)
arXiv Detail & Related papers (2023-10-10T19:07:53Z)
Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z)
Deep Q-Learning based Reinforcement Learning Approach for Network Intrusion Detection [1.7205106391379026]
We introduce a new generation of network intrusion detection methods that combines a Q-learning-based reinforcement learning with a deep-feed forward neural network method for network intrusion detection. Our proposed Deep Q-Learning (DQL) model provides an ongoing auto-learning capability for a network environment. Our experimental results show that our proposed DQL is highly effective in detecting different intrusion classes and outperforms other similar machine learning approaches.
arXiv Detail & Related papers (2021-11-27T20:18:00Z)
Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles [69.9674326582747]
This paper presents a visual framework to investigate neural network models subjected to adversarial examples. We show how observing these elements can quickly pinpoint exploited areas in a model.
arXiv Detail & Related papers (2021-03-18T13:04:21Z)
Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
arXiv Detail & Related papers (2021-01-28T16:38:26Z)
Deep Learning based Covert Attack Identification for Industrial Control Systems [5.299113288020827]
We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids. The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory layer, and a Deep Neural Network (DNN)
arXiv Detail & Related papers (2020-09-25T17:48:43Z)

This list is automatically generated from the titles and abstracts of the papers in this site.