Anomaly Detection Methods for IIoT Networks

IIoT networks differ from general IT networks such as office or business networks, where many different kinds of applications, protocols and traffic profiles are present and the security priority is protecting data confidentiality and integrity rather than network availability. IIoT networks have special features and face unique challenges in defending against cyber-attacks. This paper briefly describes the requirements and challenges of IIoT network security and presents an overview of existing network anomaly detection methods. It then presents further anomaly detection methods that are specifically applicable to IIoT networks, since those methods exploit the deterministic features of the physical world to detect anomalies in the observed behavior.
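As an added illustration (example code, not from the paper), the block below shows what "exploiting determinism" looks like in practice: a baseline of observed (source, destination, function) flows and their polling periods is learned from a training window of control traffic, and later traffic is flagged when it introduces a flow never seen in the baseline or breaks the expected timing. The record format, addresses, function names and timestamps are constructed for the example and are not taken from any real capture.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records: (timestamp_s, src, dst, function). In a real
# deployment these would come from a protocol-aware sensor (e.g. a DNP3 or
# Modbus parser); here they are hand-written to show the technique.
HMI, PLC, HISTORIAN, ROGUE = "10.0.0.5", "10.0.0.20", "10.0.0.30", "10.0.0.99"

TRAIN = (
    # HMI polls the PLC once per second.
    [(float(t), HMI, PLC, "read_holding_registers") for t in range(10)]
    # PLC ships a file to the historian every five seconds.
    + [(0.0, PLC, HISTORIAN, "write_file"),
       (5.0, PLC, HISTORIAN, "write_file"),
       (10.0, PLC, HISTORIAN, "write_file")]
)

TEST = [
    (10.0, HMI, PLC, "read_holding_registers"),
    (11.0, HMI, PLC, "read_holding_registers"),
    (12.0, HMI, PLC, "read_holding_registers"),
    (12.5, HMI, PLC, "write_single_coil"),      # control command never seen in baseline
    (13.0, HMI, PLC, "read_holding_registers"),
    (13.1, HMI, PLC, "read_holding_registers"), # burst breaks the 1 s polling period
    (14.0, ROGUE, PLC, "read_holding_registers"),  # new host talking to the PLC
    (15.0, PLC, HISTORIAN, "write_file"),
]


def learn_baseline(records, min_obs=3):
    """Whitelist each observed flow and learn its mean inter-message period.

    Flows seen fewer than min_obs times get period None (whitelisted, but no
    timing model), so a single stray message does not create a bogus period.
    """
    times = defaultdict(list)
    for t, src, dst, func in records:
        times[(src, dst, func)].append(t)
    baseline = {}
    for flow, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        baseline[flow] = mean(gaps) if len(gaps) >= min_obs - 1 else None
    return baseline


def detect(records, baseline, tolerance=0.25):
    """Return (timestamp, reason, flow) alerts for records that violate the baseline.

    - unknown_flow: a (src, dst, function) tuple absent from the training window;
      in a deterministic plant network this alone is a strong signal.
    - timing_deviation: the gap since the previous message of the same flow is
      more than `tolerance` (fraction of the learned period) away from that period.
    """
    alerts = []
    last_seen = {}
    for t, src, dst, func in sorted(records):
        flow = (src, dst, func)
        if flow not in baseline:
            alerts.append((t, "unknown_flow", flow))
            continue
        period = baseline[flow]
        prev = last_seen.get(flow)
        if period is not None and prev is not None:
            gap = t - prev
            if abs(gap - period) > tolerance * period:
                alerts.append((t, "timing_deviation", flow))
        last_seen[flow] = t
    return alerts


if __name__ == "__main__":
    for ts, reason, flow in detect(TEST, learn_baseline(TRAIN)):
        print(f"{ts:6.1f}  {reason:17s}  {flow}")
```

The whitelist part is the piece that has no analogue in office networks: because an HMI is configured to poll a fixed set of registers on a fixed schedule, any new function code or peer is suspicious by construction, which is why specification- and model-based methods fit ICS traffic better than purely statistical ones. The timing tolerance should be set from the jitter actually observed on the plant network; a fixed 25% is only a placeholder for the example.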
