Industrial Anomaly Detection and Attack Classification Method Based on Convolutional Neural Network

The massive use of information technology has brought certain security risks to the industrial production process. In recent years, cyber-physical attacks against industrial control systems have occurred frequently. Anomaly detection technology is an essential technical means of ensuring the safety of industrial control systems. To address the shortcomings of traditional methods and to facilitate the timely analysis and location of anomalies, this study proposes a deep-learning-based solution for industrial traffic anomaly detection and attack classification. We use a convolutional neural network, a deep learning representation model, as the detection model. The original one-dimensional data are mapped using the feature mapping method to make them suitable for model processing. The deep learning method can automatically extract critical features and achieve accurate attack classification. We evaluated the model using real network attack data from a supervisory control and data acquisition (SCADA) system. The experimental results showed that the proposed method met the anomaly detection and attack classification needs of a SCADA system. The proposed method also promotes the application of deep learning methods in industrial anomaly detection.
