Enhanced Anomaly Detection in Industrial Control Systems aided by Machine Learning
- URL: http://arxiv.org/abs/2410.19717v1
- Date: Fri, 25 Oct 2024 17:41:33 GMT
- Title: Enhanced Anomaly Detection in Industrial Control Systems aided by Machine Learning
- Authors: Vegard Berge, Chunlei Li
- Abstract summary: This study investigates whether combining both network and process data can improve attack detection in ICS environments. Our findings suggest that integrating network traffic with operational process data can enhance detection capabilities. Although the results are promising, they are preliminary and highlight the need for further studies.
- Score: 2.2457306746668766
- License:
- Abstract: Traditional intrusion detection systems (IDSs) often rely on either network traffic or process data, but this single-source approach may miss complex attack patterns that span multiple layers within industrial control systems (ICSs) or persistent threats that target different layers of operational technology systems. This study investigates whether combining both network and process data can improve attack detection in ICS environments. Leveraging the SWaT dataset, we evaluate various machine learning models on individual and combined data sources. Our findings suggest that integrating network traffic with operational process data can enhance detection capabilities, evidenced by improved recall rates for cyber attack classification. Serving as a proof-of-concept within a limited testing environment, this research explores the feasibility of advancing intrusion detection through a multi-source data approach in ICSs. Although the results are promising, they are preliminary and highlight the need for further studies across diverse datasets and refined methodologies.
Related papers
- Systematic review, analysis, and characterisation of malicious industrial network traffic datasets for aiding Machine Learning algorithm performance testing [0.0]
  This paper systematically reviews publicly available network traffic capture-based datasets.
  It includes categorisation of contained attack types, review of metadata, and statistical as well as complexity analysis.
  It provides researchers with metadata that can be used to select the best dataset for their research question.
  arXiv Detail & Related papers (2024-05-08T07:48:40Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
  FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
  Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- Reinforcement Learning Based Multi-modal Feature Fusion Network for Novel Class Discovery [47.28191501836041]
  In this paper, we employ a Reinforcement Learning framework to simulate the cognitive processes of humans.
  We also deploy a Member-to-Leader Multi-Agent framework to extract and fuse features from multi-modal information.
  We demonstrate the performance of our approach in both the 3D and 2D domains by employing the OS-MN40, OS-MN40-Miss, and Cifar10 datasets.
  arXiv Detail & Related papers (2023-08-26T07:55:32Z)
- Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view.
  We have evaluated the mathematical model using two different datasets.
  arXiv Detail & Related papers (2023-02-02T13:41:18Z)
- GowFed -- A novel Federated Network Intrusion Detection System [0.15469452301122172]
  This work presents GowFed, a novel network threat detection system that combines the usage of Gower Dissimilarity matrices and Federated averaging.
  Different approaches of GowFed have been developed based on state-of-the-art knowledge: (1) a vanilla version; and (2) a version instrumented with an attention mechanism.
  Overall, GowFed intends to be the first stepping stone towards the combined usage of Federated Learning and Gower Dissimilarity matrices to detect network threats in industrial-level networks.
  arXiv Detail & Related papers (2022-10-28T23:53:37Z)
- Deep Transfer Learning: A Novel Collaborative Learning Model for Cyberattack Detection Systems in IoT Networks [17.071452978622123]
  Federated Learning (FL) has recently become an effective approach for cyberattack detection systems.
  FL can improve learning efficiency, reduce communication overheads and enhance privacy for cyberattack detection systems.
  Challenges in implementation of FL in such systems include unavailability of labeled data and dissimilarity of data features in different IoT networks.
  arXiv Detail & Related papers (2021-12-02T05:26:29Z)
- Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
  We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
  Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
  A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
  arXiv Detail & Related papers (2021-02-27T03:17:20Z)
- Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs.
  Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  arXiv Detail & Related papers (2021-01-28T16:38:26Z)
- Deep Learning based Covert Attack Identification for Industrial Control Systems [5.299113288020827]
  We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids.
  The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory layer, and a Deep Neural Network (DNN).
  arXiv Detail & Related papers (2020-09-25T17:48:43Z)
- A Comparative Study of AI-based Intrusion Detection Techniques in Critical Infrastructures [4.8041243535151645]
  We present a comparative study of Artificial Intelligence (AI)-driven intrusion detection systems for wirelessly connected sensors that track crucial applications.
  Specifically, we present an in-depth analysis of the use of machine learning, deep learning and reinforcement learning solutions to recognize intrusive behavior in the collected traffic.
  Results present the performance metrics for three different IDSs, namely the Adaptively Supervised and Clustered Hybrid IDS, Boltzmann Machine-based Clustered IDS and Q-learning based IDS.
  arXiv Detail & Related papers (2020-07-24T20:55:57Z)
- Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
  We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
  We discuss the techniques used for the capture, preparation and transformation of the data, as well as the data mining and evaluation methods.
  As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
  arXiv Detail & Related papers (2020-01-27T11:21:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.