Autoencoder Based Anomaly Detection for SCADA Networks

Supervisory control and data acquisition (SCADA) systems are industrial control systems that are used to monitor critical infrastructures such as airports, transport, health, and public services of national importance. These are cyber-physical systems, which are increasingly integrated with networks and Internet of Things devices. However, this integration results in a larger attack surface for cyber threats, making it important to identify and thwart cyber-attacks by detecting anomalous network traffic patterns. Compared to other techniques, machine learning can detect not only known attack patterns but also new and evolving threats. Autoencoders are a type of neural network that generates a compressed representation of its input data; the reconstruction loss on each input can then help identify anomalous data. This paper proposes the use of autoencoders for unsupervised anomaly-based intrusion detection, using an appropriate differentiating threshold taken from the loss distribution, and demonstrates improvements in results compared to other techniques on a SCADA gas pipeline dataset.
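The approach described above, reduced to its core as an added example (not the paper's code): a tied-weight linear autoencoder with a one-unit bottleneck is trained on normal records only, and the alert threshold is read off the training loss distribution. The three feature names, the constructed data, the architecture and the 99th-percentile cut-off are all assumptions made for illustration.

```python
import random

# Constructed "normal" records: 3 correlated, scaled features (assumed names:
# setpoint, pressure, valve position) that lie close to a single line.
random.seed(7)
DIRECTION = (1.0, 0.8, -0.5)

def make_normal(n, noise=0.05):
    rows = []
    for _ in range(n):
        t = random.uniform(-1, 1)
        rows.append([t * d + random.gauss(0, noise) for d in DIRECTION])
    return rows

def loss(w, x):
    """Squared reconstruction error of the tied-weight linear autoencoder."""
    z = sum(wi * xi for wi, xi in zip(w, x))                # encode: 3 -> 1
    return sum((xi - z * wi) ** 2 for wi, xi in zip(w, x))  # decode: 1 -> 3

def train(rows, epochs=40, lr=0.02):
    w = [0.5, 0.5, 0.5]
    for _ in range(epochs):
        for x in rows:
            z = sum(wi * xi for wi, xi in zip(w, x))
            r = [xi - z * wi for wi, xi in zip(w, x)]       # residual x - x_hat
            rw = sum(ri * wi for ri, wi in zip(r, w))
            # SGD step on ||x - (w.x) w||^2; gradient is -2[(r.w) x + z r]
            w = [wi + lr * 2 * (rw * xi + z * ri)
                 for wi, xi, ri in zip(w, x, r)]
    return w

def fit_threshold(w, rows, q=0.99):
    # Assumed rule: the q-quantile of losses seen on normal training data.
    losses = sorted(loss(w, x) for x in rows)
    return losses[int(q * len(losses))]

TRAIN = make_normal(300)
W = train(TRAIN)
THRESHOLD = fit_threshold(W, TRAIN)

def is_anomalous(x):
    return loss(W, x) > THRESHOLD

if __name__ == "__main__":
    print("threshold:", round(THRESHOLD, 4))
    print("consistent record flagged:", is_anomalous([0.5, 0.4, -0.25]))
    print("inconsistent record flagged:", is_anomalous([1.0, -0.8, 0.5]))
```

The second record has in-range values for every feature but breaks the learned relationship between them, which is why it reconstructs poorly; the quantile chosen fixes the false-alarm rate on normal traffic, so it is the main tuning knob.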
