A Spiking One-Class Anomaly Detection Framework for Cyber-Security on Industrial Control Systems

Developments and upgrades in industrial information technology, particularly in information systems for collecting and processing real-time data, have introduced a large number of new threats. These threats relate primarily to the specific tasks these applications perform: their distinct design specifications, the specialized communication protocols they use and the heterogeneous devices they are required to interconnect. In particular, specialized attacks can take over mechanical control, dynamically rearrange centrifugation or reprogram devices in order to accelerate or slow down their operations. This may result in industrial equipment being totally destroyed or permanently damaged. Cyber-attacks against Industrial Control Systems (ICS), which mainly use Supervisory Control and Data Acquisition (SCADA) combined with Distributed Control Systems, are implemented with Programmable Logic Controllers. They are characterized as Advanced Persistent Threats (APT). This paper presents an advanced Spiking One-Class Anomaly Detection Framework (SOCCADF) based on the evolving Spiking Neural Network algorithm. The algorithm is an innovative application of the one-class classification methodology: it is trained exclusively on data that characterize the normal operation of ICS, and it is able to detect divergent behaviors and abnormalities associated with APT attacks.
