Identification of malicious activities in industrial internet of things based on deep learning models

Abstract: Internet Industrial Control Systems (IICSs), which connect technological appliances and services with physical systems, have become a new direction of research because they face different types of cyber-attacks that threaten their ability to provide continuous services to organizations. Such threats cause firms to suffer financial and reputational losses and the theft of important information. Although Network Intrusion Detection Systems (NIDSs) have been proposed to protect against them, it remains difficult to collect the information needed to develop an intelligent NIDS that can proficiently detect existing and new attacks. To address this challenge, this paper proposes an anomaly detection technique for IICSs based on deep learning models that learn from and are validated on information collected from TCP/IP packets. It includes a consecutive training process executed using a deep auto-encoder and deep feedforward neural network architecture, which is evaluated using two well-known network datasets, namely NSL-KDD and UNSW-NB15. The experimental results demonstrate that this technique can achieve a higher detection rate and lower false positive rate than eight recently developed techniques, so it could be implemented in real IICS environments.
