Probabilistic models-based intrusion detection using sequence characteristics in control system communication

Abstract

The importance of cyber security has grown with the networked, highly complex structure of computer systems and the increasing value of information. Traditionally, control systems did not use networked communication, so cyber security was not a concern for them. Networked control systems such as intelligent distribution network systems are now appearing, and cyber security will become very important for control systems in the near future. However, few actual cyber attacks against control systems are available for study, so intrusion detection should be developed using only normal control system communication. In this paper, we compare conditional random field-based intrusion detection with other probabilistic model-based intrusion detection. These methods use the sequence characteristics of network traffic in control system communication. Learning uses only normal network traffic data, assuming no prior knowledge of attacks on the system. We applied these two probabilistic models to intrusion detection on DARPA data and on an experimental control system network and compared the differences in their performance.
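As an added illustration of the approach the abstract describes (this is not the paper's code, and the paper's conditional random field and other probabilistic models are more expressive than what is shown), the following Python trains a first-order Markov chain over control-message types on normal traffic only, then scores new message sequences by their per-symbol negative log-likelihood and flags those that fall outside the range seen on normal data. The message names, the polling traces, the vocabulary and the threshold rule are all constructed assumptions.

```python
"""Sequence-based anomaly detection trained on normal traffic only.

Added illustration, not the paper's implementation: a first-order Markov
chain over message types stands in for the paper's probabilistic sequence
models. All message names and traces below are constructed sample data.
"""
from collections import Counter, defaultdict
import math

# Constructed message-type vocabulary. It includes types that may legitimately
# exist in the protocol but never occur in the normal training traffic.
VOCABULARY = {"READ_COILS", "READ_HOLDING_REGS",
              "WRITE_SINGLE_REG", "WRITE_MULTIPLE_COILS"}

# Constructed "normal" polling cycles between a supervisory host and a
# controller; real traces would come from captured control-system traffic.
NORMAL_TRACES = [
    ["READ_COILS", "READ_HOLDING_REGS", "WRITE_SINGLE_REG", "READ_HOLDING_REGS"] * 5,
    ["READ_COILS", "READ_HOLDING_REGS", "READ_HOLDING_REGS", "WRITE_SINGLE_REG"] * 5,
    ["READ_COILS", "READ_HOLDING_REGS", "WRITE_SINGLE_REG", "READ_HOLDING_REGS"] * 5,
]

# Constructed test sequences: one that follows the learned cycle, one that does not.
NORMAL_TEST_TRACE = ["READ_COILS", "READ_HOLDING_REGS", "WRITE_SINGLE_REG",
                     "READ_HOLDING_REGS"] * 2
ANOMALOUS_TEST_TRACE = ["READ_COILS"] + ["WRITE_SINGLE_REG"] * 7


class MarkovSequenceModel:
    """First-order Markov chain with additive smoothing over a fixed vocabulary."""

    def __init__(self, vocabulary, alpha=1.0):
        self.vocab = sorted(vocabulary)
        self.alpha = alpha          # smoothing pseudo-count
        self.start = Counter()      # counts of first symbols
        self.trans = defaultdict(Counter)  # trans[prev][cur] counts

    def fit(self, traces):
        """Count start symbols and transitions in normal traces."""
        for trace in traces:
            self.start[trace[0]] += 1
            for prev, cur in zip(trace, trace[1:]):
                self.trans[prev][cur] += 1
        return self

    def _log_prob(self, counter, symbol):
        # Additive (Laplace) smoothing: transitions never seen in training get a
        # small non-zero probability rather than -inf, which keeps scores finite.
        total = sum(counter.values()) + self.alpha * len(self.vocab)
        return math.log((counter[symbol] + self.alpha) / total)

    def neg_log_likelihood(self, trace):
        """Per-symbol negative log-likelihood; higher means less like normal traffic."""
        nll = -self._log_prob(self.start, trace[0])
        for prev, cur in zip(trace, trace[1:]):
            nll -= self._log_prob(self.trans[prev], cur)
        return nll / len(trace)


def build_detector(normal_traces, vocabulary, margin=0.5):
    """Fit the model and derive a threshold from normal-data scores alone.

    No attack data is used: the threshold is the worst normal score plus a margin
    (the margin is an assumed tuning knob, not a value from the paper).
    """
    model = MarkovSequenceModel(vocabulary).fit(normal_traces)
    scores = [model.neg_log_likelihood(t) for t in normal_traces]
    return model, max(scores) + margin


def is_anomalous(model, threshold, trace):
    """Flag a sequence whose per-symbol score exceeds the normal-data threshold."""
    return model.neg_log_likelihood(trace) > threshold


if __name__ == "__main__":
    model, threshold = build_detector(NORMAL_TRACES, VOCABULARY)
    for name, trace in (("normal", NORMAL_TEST_TRACE), ("anomalous", ANOMALOUS_TEST_TRACE)):
        score = model.neg_log_likelihood(trace)
        print(f"{name}: score={score:.3f} threshold={threshold:.3f} "
              f"flagged={is_anomalous(model, threshold, trace)}")
```

The repeated-write sequence is flagged because its transitions were never observed during training and smoothing assigns them low probability; the normal-looking sequence scores inside the range of the training traces. On real control traffic the vocabulary, window length and margin would have to be chosen from the operator's own captures, and the threshold revalidated whenever the polling schedule changes.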
