Omni SCADA Intrusion Detection Using Deep Learning Algorithms

In this article, we investigate deep-learning-based omni intrusion detection systems (IDSs) for supervisory control and data acquisition (SCADA) networks that are capable of detecting both temporally uncorrelated and correlated attacks. Among the IDSs developed in this article, a feedforward neural network (FNN) can detect temporally uncorrelated attacks at an F1 of 99.967±0.005% but correlated attacks at as low as 58±2%. In contrast, long short-term memory (LSTM) detects correlated attacks at 99.56±0.01% and uncorrelated attacks at 99.3±0.1%. Combining LSTM and FNN through an ensemble approach further improves the IDS performance, with an F1 of 99.68±0.04% regardless of the temporal correlations among the data packets.
