A stacked deep learning approach to cyber-attacks detection in industrial systems: application to power system and gas pipeline systems

Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted for remote monitoring of large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyber-attacks, which makes detection with conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls and antivirus software, are not appropriate for fully protecting SCADA systems because these systems have distinct specifications. Thus, accurately detecting cyber-attacks in critical SCADA systems is indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that have already bypassed traditional IDSs and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline, are used to evaluate the proposed method's performance. The results of this investigation show satisfactory detection performance for the proposed stacked deep learning approach. This study also shows that the proposed approach outperforms the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate feature importance in the cyber-attack detection process using the Random Forest procedure, which helps design more parsimonious models.
