Gryphon: a semi-supervised anomaly detection system based on one-class evolving spiking neural network

The backbone of the economy, security and sustainability of a state is inseparably linked to the security of its critical infrastructure. Critical infrastructures are the assets, systems or subsystems that are essential to maintaining the vital functions of society, health, physical protection, security, and the economic and social well-being of citizens. The digital security of critical infrastructures is a very important priority for the well-being of every country, especially nowadays, because of the direct threats dictated by the current international conjuncture and because of the emerging interactions and interconnections between National Critical Infrastructures internationally. The aim of this research is the development and testing of an intelligent Anomaly Detection algorithm that runs very fast on a small portion of the available data while performing on a par with existing approaches. Such a system must be characterized by high efficiency and very fast execution. Thus, we present the Gryphon advanced intelligence system. Gryphon is a Semi-Supervised Unary Anomaly Detection System for big industrial data that employs an evolving Spiking Neural Network (eSNN) One-Class Classifier (eSNN-OCC). This machine learning algorithm corresponds to a model capable of detecting, very fast and efficiently, the divergent behaviors and abnormalities associated with the class of cyberattacks known as Advanced Persistent Threats (APT). The training process is performed only on data related to the normal function of a critical infrastructure.
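The eSNN-OCC pipeline the abstract describes, as an added example that is not the Gryphon authors' code: each sensor feature is encoded by Gaussian receptive fields, the resulting spikes are rank-ordered, every normal reading becomes an output neuron with Thorpe-style weights mod**rank (near-duplicate neurons are merged, which is the evolving step), and a reading is flagged as anomalous when no stored neuron's post-synaptic potential reaches its firing threshold. The plant readings, the parameter values and the spike cut-off are constructed assumptions.

```python
import math

# Added example, not the Gryphon authors' code: a one-class eSNN built from the textbook
# eSNN pieces (Gaussian population encoding, rank-order coding, weights mod**rank, evolving
# neuron repository with similarity merging), trained on normal readings only.
class OneClassESNN:
    def __init__(self, fields=5, mod=0.7, c=0.7, sim=0.3, beta=1.5, fire=1e-3):
        self.fields, self.mod, self.c, self.sim, self.beta = fields, mod, c, sim, beta
        self.fire = fire  # assumed spike cut-off: weaker excitation produces no spike
        self.repo = []    # output neurons: [weights, threshold, merged_count]

    def _ranks(self, x):
        """Rank every receptive-field neuron by excitation (None = did not spike)."""
        exc = []
        for j, v in enumerate(x):
            rng = (self.hi[j] - self.lo[j]) or 1.0
            sigma = rng / (self.beta * (self.fields - 2))
            for i in range(self.fields):  # centres spread over the training range
                mu = self.lo[j] + (2 * i - 1) / 2.0 * rng / (self.fields - 2)
                exc.append(math.exp(-((v - mu) ** 2) / (2 * sigma ** 2)))
        firing = sorted((k for k in range(len(exc)) if exc[k] > self.fire), key=lambda k: -exc[k])
        rank = {k: r for r, k in enumerate(firing)}  # earliest spike = rank 0
        return [rank.get(k) for k in range(len(exc))]

    def fit(self, normal):
        """Train on normal readings only; each reading creates or updates one neuron."""
        self.lo, self.hi = [min(c) for c in zip(*normal)], [max(c) for c in zip(*normal)]
        for s in normal:
            w = [0.0 if r is None else self.mod ** r for r in self._ranks(s)]
            theta = self.c * sum(wi * wi for wi in w)  # c * PSP of the replayed pattern
            near = min(self.repo, key=lambda n: math.dist(n[0], w), default=None)
            if near and math.dist(near[0], w) < self.sim:  # evolve: merge similar neuron
                k = near[2]
                near[0] = [(a + k * b) / (k + 1) for a, b in zip(w, near[0])]
                near[1], near[2] = (theta + k * near[1]) / (k + 1), k + 1
            else:
                self.repo.append([w, theta, 1])
        return self

    def score(self, x):
        """Max PSP/threshold over the repository; >= 1 means a normal-pattern neuron fires."""
        ranks = self._ranks(x)
        return max(sum(wi * self.mod ** r for wi, r in zip(w, ranks) if r is not None) / th
                   for w, th, _ in self.repo)

    def is_anomaly(self, x):
        return self.score(x) < 1.0

# Constructed (pressure, flow) readings from a hypothetical plant in normal operation.
NORMAL = [(50.0, 10.0), (51.0, 10.3), (49.0, 9.8), (50.5, 10.1), (49.5, 9.9), (50.0, 10.0)]
MODEL = OneClassESNN().fit(NORMAL)
```

A reading far outside the training range excites no receptive field at all, so no neuron fires and the score is exactly 0; a drift on one sensor with the other at its normal value still falls below every stored threshold with these parameters.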
