Detecting cyberattacks in industrial control systems using online learning algorithms

Abstract

Industrial control systems are critical to the operation of industrial facilities, especially critical infrastructures such as refineries, power grids, and transportation systems. As with other information systems, a significant threat to industrial control systems is attack from cyberspace: offensive maneuvers launched by “anonymous” actors in the digital world that target computer-based assets with the goal of compromising a system’s functions or probing for information. Owing to the importance of industrial control systems, and the potentially devastating consequences of a successful attack, significant efforts have been made to secure them from cyberattacks. Among these are intrusion detection systems, which serve as the first line of defense by monitoring and reporting potentially malicious activity. Classical machine-learning-based intrusion detection methods usually build prediction models by learning from a modest-sized set of training samples all at once. Such an approach is not always applicable to industrial control systems, which must process a continuous stream of control commands with limited computational resources and without interruption. To satisfy these requirements, we propose using online learning to learn prediction models from the control data stream. We introduce several state-of-the-art online learning algorithms by category and illustrate their efficacy on two commonly used testbeds, a power system and a gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to address the class-imbalance problem that is pervasive in industrial intrusion detection. Our experimental results indicate that the proposed algorithm achieves an overall improvement in the detection rate of cyberattacks in industrial control systems.
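As an added illustration of the two ideas in the abstract (test-then-train online learning on a control stream, and weighting a missed attack more heavily than a false alarm to counter class imbalance), the following is example code written for this page, not the paper's own algorithm or testbed data: a cost-weighted perceptron update, which is a simple instance of cost-sensitive online learning, run once over a small constructed stream in which attacks are the minority class. The feature values, the stream, and the cost ratio rho_pos = 3 are assumptions.

```python
from typing import Dict, List, Sequence, Tuple

class CostSensitiveOnlineClassifier:
    """Linear model trained one sample at a time with a cost-weighted perceptron
    update. rho_pos > rho_neg makes a missed attack cost more than a false alarm, so
    each miss moves the weights further toward the attack region; rho_pos == rho_neg == 1
    is the plain online perceptron."""

    def __init__(self, dim: int, rho_pos: float = 1.0, rho_neg: float = 1.0) -> None:
        self.w: List[float] = [0.0] * dim
        self.rho = {+1: rho_pos, -1: rho_neg}  # misclassification cost per class

    def score(self, x: Sequence[float]) -> float:
        return sum(wi * xi for wi, xi in zip(self.w, x))

    def predict(self, x: Sequence[float]) -> int:  # +1 = attack, -1 = normal
        return +1 if self.score(x) > 0 else -1

    def update(self, x: Sequence[float], y: int) -> bool:
        """Update only when the signed margin y * score is not positive."""
        if y * self.score(x) > 0:
            return False
        step = self.rho[y] * y  # cost-weighted perceptron step
        self.w = [wi + step * xi for wi, xi in zip(self.w, x)]
        return True

def evaluate_prequential(model, stream) -> Dict[str, float]:
    """Test-then-train: predict each sample before learning from it, as an IDS on a
    live control stream must. Returns detection rate (attack recall) and false-alarm rate."""
    tp = fn = fp = tn = 0
    for x, y in stream:
        y_hat = model.predict(x)
        if y == +1:
            tp, fn = tp + (y_hat == +1), fn + (y_hat == -1)
        else:
            fp, tn = fp + (y_hat == +1), tn + (y_hat == -1)
        model.update(x, y)
    return {"detection_rate": tp / (tp + fn), "false_positive_rate": fp / (fp + tn),
            "tp": tp, "fn": fn, "fp": fp, "tn": tn}

# Constructed stream (assumed values, not testbed data): two features per control
# message, label +1 = attack; normals outnumber attacks and the classes overlap.
STREAM = [
    ((2, 1), -1), ((1, 2), -1), ((1, 3), +1), ((3, 1), -1), ((2, 2), -1),
    ((2, 4), +1), ((3, 2), -1), ((1, 4), +1), ((1, 1), -1), ((2, 5), +1),
]

def compare(rho_pos: float = 3.0) -> Tuple[Dict[str, float], Dict[str, float]]:
    plain = evaluate_prequential(CostSensitiveOnlineClassifier(2), STREAM)
    cost_sensitive = evaluate_prequential(CostSensitiveOnlineClassifier(2, rho_pos), STREAM)
    return plain, cost_sensitive
```

On this stream the plain learner detects 2 of 4 attacks while the cost-sensitive one detects 3 of 4, at the price of one extra false alarm; that trade-off (higher detection rate, more alerts to triage) is what the cost ratio buys.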
