An Ensemble Deep Learning-Based Cyber-Attack Detection in Industrial Control System

The integration of communication networks and the Internet of Things (IoT) in Industrial Control Systems (ICSs) increases their vulnerability to cyber-attacks, with devastating outcomes. Traditional Intrusion Detection Systems (IDSs), which are mainly developed to support information technology systems, rely heavily on predefined models and are trained mostly on specific cyber-attacks. Moreover, most IDSs do not consider the imbalanced nature of ICS datasets, and therefore suffer from low accuracy and high false-positive rates when deployed. In this paper, we propose a deep learning model to construct new balanced representations of the imbalanced datasets. The new representations are fed into an ensemble deep learning attack detection model specifically designed for an ICS environment. The proposed attack detection model leverages Deep Neural Network (DNN) and Decision Tree (DT) classifiers to detect cyber-attacks from the new representations. The performance of the proposed model is evaluated using 10-fold cross-validation on two real ICS datasets. The results show that the proposed method outperforms conventional classifiers, including Random Forest (RF), DNN, and AdaBoost, as well as recent existing models in the literature. The proposed approach is a generalized technique that can be implemented in existing ICS infrastructures with minimal effort.
