Anomaly detection for industrial control operations with optimized ABC–SVM and weighted function code correlation analysis

With the trend toward interconnection and interoperability in the Industrial Internet, anomaly detection has become widely recognized and has achieved significant results in industrial cyber security. A crucial open issue, however, is how to extract industrial communication features that accurately and comprehensively describe industrial control operations. Focusing on the function code field of the industrial Modbus/TCP communication protocol, this paper proposes a novel feature extraction algorithm based on weighted function code correlation, which not only captures the contribution of each single function code within the whole function code sequence, but also analyzes the correlation between different function codes. To build a serviceable detection engine, a dynamically adjusting ABC–SVM (Artificial Bee Colony–Support Vector Machine) anomaly detection model based on double mutations is also developed to identify abnormal behaviors in industrial control communications. The experimental results show that the proposed feature extraction algorithm effectively reflects changes in function control behavior in industrial control communications, and that the improved ABC–SVM anomaly detection model strengthens detection performance compared with other anomaly detection engines.
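As an added illustration (not the paper's code), the following Python sketches the kind of function-code feature extraction the abstract describes: it parses the function code field out of constructed Modbus/TCP frames, weights each code by its share of the sequence, and estimates pairwise correlation as the transition probability between consecutive codes. The weighting and correlation definitions, the `TRACKED` code set, the `adu` helper and the sample traffic are assumptions, since the paper's exact formulas are not given on this page.

```python
import struct
from collections import Counter
from itertools import product

# Function codes tracked in this example (assumption: the paper's code set is not given)
TRACKED = (1, 2, 3, 4, 5, 6, 15, 16)

def adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build one Modbus/TCP ADU: MBAP header (tid, protocol 0, length, unit) + PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_function_codes(stream: bytes) -> list:
    """Walk back-to-back ADUs and return each PDU's function code (first PDU byte).
    MBAP length counts the unit id plus the PDU, so the next ADU starts at off+6+length."""
    codes, off = [], 0
    while off + 7 <= len(stream):
        _tid, proto, length, _unit = struct.unpack(">HHHB", stream[off:off + 7])
        if proto != 0 or length < 2 or off + 6 + length > len(stream):
            raise ValueError(f"malformed MBAP header at offset {off}")
        codes.append(stream[off + 7])
        off += 6 + length
    return codes

def weighted_function_codes(codes: list) -> dict:
    """Contribution of each code to the sequence (assumption: its share of the sequence)."""
    freq = Counter(codes)
    return {c: freq[c] / max(len(codes), 1) for c in TRACKED}

def function_code_correlation(codes: list) -> dict:
    """Pairwise correlation (assumption): P(next code = b | current code = a),
    estimated from adjacent pairs; codes with no outgoing transition stay 0."""
    pairs = Counter(zip(codes, codes[1:]))
    outgoing = Counter(codes[:-1])
    return {(a, b): (pairs[(a, b)] / outgoing[a] if outgoing[a] else 0.0)
            for a, b in product(TRACKED, repeat=2)}

def feature_vector(stream: bytes) -> list:
    """Flat numeric vector (8 weights + 64 correlations) ready to feed an SVM."""
    codes = parse_function_codes(stream)
    w, c = weighted_function_codes(codes), function_code_correlation(codes)
    return [w[k] for k in TRACKED] + [c[k] for k in product(TRACKED, repeat=2)]

# Constructed traffic: a read-only polling loop vs. a window that also carries writes
READ = b"\x03\x00\x00\x00\x0a"                               # FC3 read 10 holding registers
WRITE_MULTI = b"\x10\x00\x00\x00\x02\x04\x00\x01\x00\x02"    # FC16 write 2 registers
WRITE_COIL = b"\x05\x00\x01\xff\x00"                         # FC5 force single coil ON
POLLING = b"".join(adu(i, 1, READ) for i in range(4))
MIXED = adu(0, 1, READ) + adu(1, 1, WRITE_MULTI) + adu(2, 1, READ) + adu(3, 1, WRITE_COIL)
```

In the polling window the weight of FC3 is 1.0 and every correlation except (3, 3) is 0, while the mixed window shifts weight onto FC16 and FC5 and opens new transitions such as (3, 16); a one-class SVM trained on the former would see the latter as a shifted point.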
