A malicious threat detection model for cloud assisted internet of things (CoT) based industrial control system (ICS) networks using deep belief network

Abstract Internet of Things (IoT) devices are extensively used in modern industries in combination with the conventional industrial control system (ICS) network through the industrial cloud, making production data easily available to corporate business management and simplifying control of highly profitable production systems. The devices within a conventional ICS network were originally manufactured to run on an isolated network, with no consideration for the privacy and security of the control and production/architecture data trafficked between the manufacturing plant and the corporate side. Because of their extensive integration with the industrial cloud over the internet, these ICS networks are now exposed to a significant threat from malicious software. Protecting ICS from such attacks requires continuous updating of the anti-malware tools' databases, which in turn requires regular effort from human experts; this limits real-time protection of ICS. Earlier work by Huda et al. (2017) based on a semi-supervised approach performed well. However, the training process of that semi-supervised approach (Huda et al., 2017) is a complex procedure that requires a hybridization of feature selection, unsupervised clustering and supervised training techniques, so it can be too time-consuming for real-time protection of ICS networks. In this paper, we propose an adaptive threat detection model for the industrial cloud of things (CoT) based on deep learning. Deep learning has been used in many pattern-recognition domains and is popular for its simple training procedure. Most importantly, deep learning can learn the hidden patterns of a domain in an unsupervised manner, which avoids the requirement for large, expensive labeled datasets. We use this characteristic of deep learning to design our detection model. Two different types of deep learning based detection models are proposed in this work.
The first model uses disjoint training and testing data for a deep belief network (DBN) and a corresponding artificial neural network (ANN). In the second proposed detection model, the DBN is additionally trained on new unlabeled data to give it knowledge about changes in malicious attack patterns. The novelty of the proposed detection models is that they are adaptive: the training procedure is simpler than in earlier work (Huda et al., 2017), and at the same time the models can learn new malware behaviors from already available, cheap unlabeled data. This avoids the expensive manual labeling of new attacks and the corresponding time cost, making the approach feasible for ICS networks. The performance of a standard DBN is sensitive to its configuration and hyper-parameter values, including the number of hidden nodes, the learning rate and the number of epochs; the proposed detection models therefore search for an optimal configuration by varying the structure of the DBN and these parameters. The proposed detection models are extensively tested on a real malware test bed. Experimental results show that the proposed approaches achieve higher accuracies than standard detection algorithms and perform similarly to the earlier semi-supervised work (Huda et al., 2017) while providing a comparatively simpler training model.
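The following is an added example, not code from the paper, that shows the two training regimes described above in a minimal pure-Python deep belief network: a Bernoulli RBM pre-trained with one-step contrastive divergence (no labels touched), a supervised logistic-regression head standing in for the paper's ANN stage, a small search over the number of hidden nodes on a held-out split, and a second model whose RBM is additionally pre-trained on unlabeled samples of a new malware variant. The 8-bit "behaviour flag" feature vectors, the prototypes, the flip-noise rate and the class names are all constructed for this illustration and are not from any real malware corpus or from the paper's test bed.

```python
"""Added example (not the paper's code): stacked-RBM DBN with CD-1 pre-training and a
logistic head. Feature vectors are constructed 8-bit behaviour flags, not real data."""
import math
import random


def sigmoid(x):
    x = max(-30.0, min(30.0, x))  # clamp so math.exp never overflows
    return 1.0 / (1.0 + math.exp(-x))


class RBM:
    """Bernoulli restricted Boltzmann machine trained with one-step contrastive divergence."""

    def __init__(self, n_vis, n_hid, rng):
        self.rng = rng
        self.W = [[rng.gauss(0.0, 0.1) for _ in range(n_hid)] for _ in range(n_vis)]
        self.b = [0.0] * n_vis  # visible biases
        self.c = [0.0] * n_hid  # hidden biases

    def hidden_probs(self, v):
        return [sigmoid(cj + sum(vi * row[j] for vi, row in zip(v, self.W)))
                for j, cj in enumerate(self.c)]

    def visible_probs(self, h):
        return [sigmoid(bi + sum(hj * wij for hj, wij in zip(h, row)))
                for bi, row in zip(self.b, self.W)]

    def fit(self, data, epochs, lr=0.1):
        """Unsupervised: labels are never seen here, so any unlabelled sample can be used."""
        for _ in range(epochs):
            for v0 in data:
                h0 = self.hidden_probs(v0)
                h0_sample = [1.0 if self.rng.random() < p else 0.0 for p in h0]
                v1 = self.visible_probs(h0_sample)  # reconstruction
                h1 = self.hidden_probs(v1)          # CD-1 negative phase
                for i, row in enumerate(self.W):
                    for j in range(len(row)):
                        row[j] += lr * (v0[i] * h0[j] - v1[i] * h1[j])
                    self.b[i] += lr * (v0[i] - v1[i])
                for j in range(len(self.c)):
                    self.c[j] += lr * (h0[j] - h1[j])


class DBNDetector:
    """Greedy layer-wise pre-trained DBN plus a supervised logistic-regression head."""

    def __init__(self, layer_sizes, seed):
        rng = random.Random(seed)
        self.rbms = [RBM(a, b, rng) for a, b in zip(layer_sizes, layer_sizes[1:])]
        self.w = [0.0] * layer_sizes[-1]
        self.w0 = 0.0

    def pretrain(self, unlabelled, epochs=30):
        data = unlabelled
        for rbm in self.rbms:
            rbm.fit(data, epochs)
            data = [rbm.hidden_probs(v) for v in data]  # feed the next layer

    def features(self, v):
        for rbm in self.rbms:
            v = rbm.hidden_probs(v)
        return v

    def _score(self, f):
        return sigmoid(self.w0 + sum(wi * fi for wi, fi in zip(self.w, f)))

    def fine_tune(self, x, y, epochs=200, lr=0.5):
        feats = [self.features(v) for v in x]
        for _ in range(epochs):
            for f, t in zip(feats, y):
                g = self._score(f) - t  # gradient of the log-loss w.r.t. the logit
                self.w = [wi - lr * g * fi for wi, fi in zip(self.w, f)]
                self.w0 -= lr * g

    def predict(self, v):
        return 1 if self._score(self.features(v)) >= 0.5 else 0


def accuracy(model, x, y):
    return sum(model.predict(v) == t for v, t in zip(x, y)) / len(y)


# Constructed prototypes: bits 0-3 stand for benign activity, bits 4-7 for
# injection / persistence / beaconing / evasion. Not derived from a real corpus.
BENIGN = [1, 1, 1, 1, 0, 0, 0, 0]
MALWARE = [0, 0, 0, 0, 1, 1, 1, 1]
NEW_VARIANT = [1, 1, 0, 0, 1, 1, 1, 1]  # later malware that mimics some benign behaviour


def make_samples(proto, n, rng, flip=0.08):
    return [[bit ^ (1 if rng.random() < flip else 0) for bit in proto] for _ in range(n)]


def run_experiment(seed=1):
    rng = random.Random(seed)
    x_train = make_samples(BENIGN, 20, rng) + make_samples(MALWARE, 20, rng)
    y_train = [0] * 20 + [1] * 20
    x_test = make_samples(BENIGN, 20, rng) + make_samples(MALWARE, 20, rng)  # disjoint set
    y_test = [0] * 20 + [1] * 20
    unlabelled_new = make_samples(NEW_VARIANT, 30, rng)  # cheap: no labels needed
    x_variant, y_variant = make_samples(NEW_VARIANT, 20, rng), [1] * 20

    # Model 1: labelled data only. The hidden width (one of the hyper-parameters the
    # abstract names) is chosen on a held-out split of the training set.
    best = None
    for n_hid in (3, 6):
        m = DBNDetector([8, n_hid], seed)
        m.pretrain(x_train[:15] + x_train[20:35])
        m.fine_tune(x_train[:15] + x_train[20:35], [0] * 15 + [1] * 15)
        val_acc = accuracy(m, x_train[15:20] + x_train[35:], [0] * 5 + [1] * 5)
        if best is None or val_acc > best[0]:
            best = (val_acc, n_hid)
    model1 = DBNDetector([8, best[1]], seed)
    model1.pretrain(x_train)
    model1.fine_tune(x_train, y_train)

    # Model 2: same labels, but the RBM also sees the new unlabelled variant samples.
    model2 = DBNDetector([8, best[1]], seed)
    model2.pretrain(x_train + unlabelled_new)
    model2.fine_tune(x_train, y_train)

    return {
        "hidden_nodes": best[1],
        "model1_test_acc": accuracy(model1, x_test, y_test),
        "model1_variant_acc": accuracy(model1, x_variant, y_variant),
        "model2_test_acc": accuracy(model2, x_test, y_test),
        "model2_variant_acc": accuracy(model2, x_variant, y_variant),
    }


if __name__ == "__main__":
    for k, v in run_experiment().items():
        print(f"{k}: {v}")
```

The point to watch in practice is the `model*_variant_acc` numbers: the head in both models was fitted only to the original labels, so any gain on the variant comes solely from the RBM having modelled the new unlabelled behaviour. Whether that gain materialises depends on how much the variant shares with known malware, which is why the abstract's second model is evaluated on a real test bed rather than assumed to help.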

[1] Eric Filiol, et al. Behavioral detection of malware: from a survey towards an established taxonomy, 2008, Journal in Computer Virology.

[2] Dirk Schaefer, et al. Software-defined cloud manufacturing for industry 4.0, 2016.

[3] Birgit Vogel-Heuser, et al. Design, modelling, simulation and integration of cyber physical systems: Methods and applications, 2016, Comput. Ind..

[4] Mehmet Kayaalp, et al. Efficiently Securing Systems from Code Reuse Attacks, 2014, IEEE Transactions on Computers.

[5] Nitesh V. Chawla, et al. SMOTE: Synthetic Minority Over-sampling Technique, 2002, J. Artif. Intell. Res..

[6] Shigeng Zhang, et al. Deterministic Detection of Cloning Attacks for Anonymous RFID Systems, 2015, IEEE Transactions on Industrial Informatics.

[7] Kieran McLaughlin, et al. SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection, 2013, IEEE Transactions on Information Forensics and Security.

[8] Zhou, et al. An Enhanced Automated Signature Generation Algorithm for Polymorphic Malware Detection, 2010.

[9] Wu He, et al. Internet of Things in Industries: A Survey, 2014, IEEE Transactions on Industrial Informatics.

[10] Insup Lee, et al. Model-Driven Safety Analysis of Closed-Loop Medical Systems, 2014, IEEE Transactions on Industrial Informatics.

[11] Nataasha Raul, et al. Malware Detection Module using Machine Learning Algorithms to Assist in Centralized Security in Enterprise Networks, 2012, ArXiv.

[12] Richard Piggin, et al. Are industrial control systems ready for the cloud?, 2015, Int. J. Crit. Infrastructure Prot..

[13] Hung-Min Sun, et al. A Native APIs Protection Mechanism in the Kernel Mode against Malicious Code, 2011, IEEE Transactions on Computers.

[14] Jaime A. Camelio, et al. An approach to cyber-physical vulnerability assessment for intelligent manufacturing systems, 2017.

[15] Md. Rafiqul Islam, et al. Defending unknown attacks on cyber-physical systems by semi-supervised approach and available unlabeled data, 2017, Inf. Sci..

[16] Alécio Pedro Delazari Binotto, et al. A Cloud-based Architecture for the Internet of Things targeting Industrial Devices Remote Monitoring and Control, 2016.

[17] Muttukrishnan Rajarajan, et al. Employing Program Semantics for Malware Detection, 2015, IEEE Transactions on Information Forensics and Security.

[18] Wanlei Zhou, et al. Malwise: An Effective and Efficient Classification System for Packed and Polymorphic Malware, 2013, IEEE Transactions on Computers.

[19] Adriano Valenzano, et al. Review of Security Issues in Industrial Networks, 2013, IEEE Transactions on Industrial Informatics.

[20] Inderjit S. Dhillon, et al. Efficient Clustering of Very Large Document Collections, 2001.

[21] Xin Wang, et al. Growing Grapes in Your Computer to Defend Against Malware, 2014, IEEE Transactions on Information Forensics and Security.

[22] Vicente Matellán Olivera, et al. Detection of Cyber-attacks to indoor real time localization systems for autonomous robots, 2018, Robotics Auton. Syst..

[23] Renata Imaculada Soares Pereira, et al. IoT embedded linux system based on Raspberry Pi applied to real-time cloud monitoring of a decentralized photovoltaic plant, 2018.

[24] Cristina Alcaraz, et al. A three-stage analysis of IDS for critical infrastructures, 2015, Comput. Secur..