Securing the operations in SCADA-IoT platform based industrial control system using ensemble of deep belief networks

Abstract: Internet of Things (IoT) platforms are increasingly being used in modern industries. Billions of devices with smart sensing capabilities, PLCs, actuators and intelligent electronic devices (IEDs) of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks are connected over IoT platforms. IoT platforms give modern industries efficient monitoring and control of physical systems (various hardware and machinery), resulting in intelligent data acquisition and processing and in highly productive and profitable business management. Initially, these devices were deployed without any security considerations, on the assumption that they would run in isolated networks. In the new IoT platform scenario, SCADA-based ICS networks are integrated with corporate networks over the internet. Therefore, the devices of a SCADA network face a significant threat of malicious attacks, either through vulnerabilities of the corporate network or through the devices used in the SCADA network. Traditional IT security software products are not enough for ICS, as these products consider only operating-system-related calls and the application program interface (API) behaviour of applications, and are focused only on corporate business solutions and related technologies. In this paper, we propose a secure architecture for ICS networks with a detection model based on SCADA network traffic. The proposed architecture develops two ensemble-based detection algorithms using deep belief networks (DBN) and standard classifiers, including support vector machines (SVM). The novelty of the proposed architecture is that its detection model uses network traffic features and payload features instead of conventional signature-based or API-based malware detection techniques. In addition, the ensemble-DBN of the proposed architecture can overcome many limitations of standard techniques, including the complexity and large size of the training data. The proposed architecture for ICS has been verified using real SCADA network data. Experimental results show that our ensemble-based detection system outperforms existing attack detection engines.
