Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Sayawu Yakubu Diaba,Theophilus Anafo,Lord Anertei Tetteh,Michael Alewo Oyibo,Andrew Adewale Alola,Miadreza Shafie-Khah,Mohammed Elmusrati

DOI: https://doi.org/10.1016/j.neunet.2023.05.047

Abstract:Supervisory Control and Data Acquisition (SCADA) systems are computer-based control architectures specifically engineered for the operation of industrial machinery via hardware and software models. These systems are used to project, monitor, and automate the state of the operational network through the utilization of ethernet links, which enable two-way communications. However, as a result of their constant connectivity to the internet and the lack of security frameworks within their internal architecture, they are susceptible to cyber-attacks. In light of this, we have proposed an intrusion detection algorithm, intending to alleviate this security bottleneck. The proposed algorithm, the Genetically Seeded Flora (GSF) feature optimization algorithm, is integrated with Transformer Neural Network (TNN) and functions by detecting changes in operational patterns that may be indicative of an intruder's involvement. The proposed Genetically Seeded Flora Transformer Neural Network (GSFTNN) algorithm stands in stark contrast to the signature-based method employed by traditional intrusion detection systems. To evaluate the performance of the proposed algorithm, extensive experiments are conducted using the WUSTL-IIOT-2018 ICS SCADA cyber security dataset. The results of these experiments indicate that the proposed algorithm outperforms traditional algorithms such as Residual Neural Networks (ResNet), Recurrent Neural Networks (RNN), and Long Short-Term Memory (LSTM) in terms of accuracy and efficiency.

Asaad Balla,Mohamed Hadi Habaebi,Elfatih A A Elsheikh,Md Rafiqul Islam,F M Suliman

DOI: https://doi.org/10.3390/s23020758

2023-01-09

Abstract:Integrating IoT devices in SCADA systems has provided efficient and improved data collection and transmission technologies. This enhancement comes with significant security challenges, exposing traditionally isolated systems to the public internet. Effective and highly reliable security devices, such as intrusion detection system (IDSs) and intrusion prevention systems (IPS), are critical. Countless studies used deep learning algorithms to design an efficient IDS; however, the fundamental issue of imbalanced datasets was not fully addressed. In our research, we examined the impact of data imbalance on developing an effective SCADA-based IDS. To investigate the impact of various data balancing techniques, we chose two unbalanced datasets, the Morris power dataset, and CICIDS2017 dataset, including random sampling, one-sided selection (OSS), near-miss, SMOTE, and ADASYN. For binary classification, convolutional neural networks were coupled with long short-term memory (CNN-LSTM). The system's effectiveness was determined by the confusion matrix, which includes evaluation metrics, such as accuracy, precision, detection rate, and F1-score. Four experiments on the two datasets demonstrate the impact of the data imbalance. This research aims to help security researchers in understanding imbalanced datasets and their impact on DL SCADA-IDS.

Afrah Gueriani,Hamza Kheddar,Ahmed Cherif Mazari

2024-05-29

Abstract:Protecting Internet of things (IoT) devices against cyber attacks is imperative owing to inherent security vulnerabilities. These vulnerabilities can include a spectrum of sophisticated attacks that pose significant damage to both individuals and organizations. Employing robust security measures like intrusion detection systems (IDSs) is essential to solve these problems and protect IoT systems from such attacks. In this context, our proposed IDS model consists on a combination of convolutional neural network (CNN) and long short-term memory (LSTM) deep learning (DL) models. This fusion facilitates the detection and classification of IoT traffic into binary categories, benign and malicious activities by leveraging the spatial feature extraction capabilities of CNN for pattern recognition and the sequential memory retention of LSTM for discerning complex temporal dependencies in achieving enhanced accuracy and efficiency. In assessing the performance of our proposed model, the authors employed the new CICIoT2023 dataset for both training and final testing, while further validating the model's performance through a conclusive testing phase utilizing the CICIDS2017 dataset. Our proposed model achieves an accuracy rate of 98.42%, accompanied by a minimal loss of 0.0275. False positive rate(FPR) is equally important, reaching 9.17% with an F1-score of 98.57%. These results demonstrate the effectiveness of our proposed CNN-LSTM IDS model in fortifying IoT environments against potential cyber threats.

Cryptography and Security,Artificial Intelligence

Alaa O. Khadidos,Hariprasath Manoharan,Shitharth Selvarajan,Adil O. Khadidos,Khaled H. Alyoubi,Ayman Yafoz

DOI: https://doi.org/10.3390/en15103624

IF: 3.2

2022-05-16

Energies

Abstract:Detecting intrusions from the supervisory control and data acquisition (SCADA) systems is one of the most essential and challenging processes in recent times. Most of the conventional works aim to develop an efficient intrusion detection system (IDS) framework for increasing the security of SCADA against networking attacks. Nonetheless, it faces the problems of complexity in classification, requiring more time for training and testing, as well as increased misprediction results and error outputs. Hence, this research work intends to develop a novel IDS framework by implementing a combination of methodologies, such as clustering, optimization, and classification. The most popular and extensively utilized SCADA attacking datasets are taken for this system's proposed IDS framework implementation and validation. The main contribution of this work is to accurately detect the intrusions from the given SCADA datasets with minimized computational operations and increased accuracy of classification. Additionally the proposed work aims to develop a simple and efficient classification technique for improving the security of SCADA systems. Initially, the dataset preprocessing and clustering processes were performed using the multifacet data clustering model (MDCM) in order to simplify the classification process. Then, the hybrid gradient descent spider monkey optimization (GDSMO) mechanism is implemented for selecting the optimal parameters from the clustered datasets, based on the global best solution. The main purpose of using the optimization methodology is to train the classifier with the optimized features to increase accuracy and reduce processing time. Moreover, the deep sequential long short term memory (DS-LSTM) is employed to identify the intrusions from the clustered datasets with efficient data model training. Finally, the proposed optimization-based classification methodology's performance and results are validated and compared using various evaluation metrics.

energy & fuels

Ali Alzahrani,Theyazn H. H. Aldhyani

DOI: https://doi.org/10.3390/su15108076

IF: 3.9

2023-05-17

Sustainability

Abstract:Online food security and industrial environments and sustainability-related industries are highly confidential and in urgent need for network traffic analysis to attain proper security information to avoid attacks from anywhere in the world. The integration of cutting-edge technology such as the Internet of things (IoT) has resulted in a gradual increase in the number of vulnerabilities that may be exploited in supervisory control and data acquisition (SCADA) systems. In this research, we present a network intrusion detection system for SCADA networks that is based on deep learning. The goal of this system is to defend ICSs against network-based assaults that are both conventional and SCADA-specific. An empirical evaluation of a number of classification techniques including k-nearest neighbors (KNN), linear discriminant analysis (LDA), random forest (RF), convolution neural network (CNN), and integrated gated recurrent unit (GRU) is reported in this paper. The suggested algorithms were tested on a genuine industrial control system (SCADA), which was known as the WUSTL-IIoT-2018 and WUSTL-IIoT-20121 datasets. SCADA system operators are now able to augment proposed machine learning and deep learning models with site-specific network attack traces as a result of our invention of a re-training method to handle previously unforeseen instances of network attacks. The empirical results, using realistic SCADA traffic datasets, show that the proposed machine learning and deep-learning-based approach is well-suited for network intrusion detection in SCADA systems, achieving high detection accuracy and providing the capability to handle newly emerging threats. The accuracy performance attained by the KNN and RF algorithms was superior and achieved a near-perfect score of 99.99%, whereas the CNN-GRU model scored an accuracy of 99.98% using WUSTL-IIoT-2018. The Rf and GRU algorithms achieved >99.75% using the WUSTL-IIoT-20121 dataset. In addition, a statistical analysis method was developed in order to anticipate the error that exists between the target values and the prediction values. According to the findings of the statistical analysis, the KNN, RF, and CNN-GRU approaches were successful in achieving an R2 > 99%. This was demonstrated by the fact that the approach was able to handle previously unknown threats in the industrial control systems (ICSs) environment.

environmental sciences,environmental studies,green & sustainable science & technology

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Asmaa Halbouni,Teddy Surya Gunawan,Mohamed Hadi Habaebi,Murad Halbouni,Mira Kartiwi,Robiah Ahmad

DOI: https://doi.org/10.1109/access.2022.3206425

IF: 3.9

2022-09-30

IEEE Access

Abstract:Network security becomes indispensable to our daily interactions and networks. As attackers continue to develop new types of attacks and the size of networks continues to grow, the need for an effective intrusion detection system has become critical. Numerous studies implemented machine learning algorithms to develop an effective IDS; however, with the advent of deep learning algorithms and artificial neural networks that can generate features automatically without human intervention, researchers began to rely on deep learning. In our research, we took advantage of the Convolutional Neural Network's ability to extract spatial features and the Long Short-Term Memory Network's ability to extract temporal features to create a hybrid intrusion detection system model. We added batch normalization and dropout layers to the model to increase its performance. Based on the binary and multiclass classification, the model was trained using three datasets: CIC-IDS 2017, UNSW-NB15, and WSN-DS. The confusion matrix determines the system's effectiveness, which includes evaluation criteria such as accuracy, precision, detection rate, F1-score, and false alarm rate (FAR). The effectiveness of the proposed model was demonstrated by experimental results showing a high detection rate, high accuracy, and a relatively low FAR.

Pengfei Sun,Pengju Liu,Qi Li,Chenxi Liu,Xiangling Lu,Ruochen Hao,Jinpeng Chen

DOI: https://doi.org/10.1155/2020/8890306

IF: 1.968

2020-08-28

Security and Communication Networks

Abstract:Many studies utilized machine learning schemes to improve network intrusion detection systems recently. Most of the research is based on manually extracted features, but this approach not only requires a lot of labor costs but also loses a lot of information in the original data, resulting in low judgment accuracy and cannot be deployed in actual situations. This paper develops a DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion detection system. To reduce the influence of an unbalanced number of samples of different attack types in model training samples on model performance, DL-IDS used a category weight optimization method to improve the robustness. Finally, DL-IDS is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyberattacks. In the multiclassification test, DL-IDS reached 98.67% in overall accuracy, and the accuracy of each attack type was above 99.50%.

computer science, information systems,telecommunications

Love Allen Chijioke Ahakonye,Gabriel Chukwunonso Amaizu,Cosmas Ifeanyi Nwakanma,Jae Min Lee,Dong-Seong Kim

DOI: https://doi.org/10.23919/jcn.2023.000067

2024-03-06

Journal of Communications and Networks

Abstract:The domain name system (DNS) has evolved into an essential component of network communications, as well as a critical component of critical industrial systems (CIS) and Supervisory Control and Data Acquisition (SCADA) network connection. DNS over HTTPS (DoH) encapsulating DNS within hypertext transfer protocol secure (HTTPS) does not eliminate network access exploitation. This paper proposes a hybrid deep learning model for the early classification of encoded network traffic into one of the two classes: DoH and NonDoH. They can be malicious, benign, or zero-day attacks. The proposed scheme incorporates the swiftness of the convolutional neural network (CNN) in extracting useful information and the ease of long short-term memory (LSTM) in learning long-term dependencies. The simulation results showed that the proposed approach accurately classifies the encoded network traffic as DoH or NonDoH and characterizes the traffic as benign, zero-day, or malicious. The proposed robust hybrid deep learning model had high accuracy and precision of 99.28%, recall of 99.75%, and AUC of 0.9975 at a minimal training and testing time of 745s and 0.000324 s, respectively. In addition to outperforming other compared contemporary algorithms and existing techniques, the proposed technique significantly detects all attack types. This study also investigated the impact of the SMOTE technique as a tool for data balancing. To further validate the reliability of the proposed scheme, an industrial control system SCADA (ICS-SCADA) dataset, in addition to two (2) other cyber-security datasets (NSL-KDD and CICDS2017), were evaluated. Mathews correlation coefficient (MCC) was employed to validate the model performance, confirming the applicability of the proposed model in a critical industrial system such as SCADA.

computer science, information systems,telecommunications

Zhefan Zhang,Zhiheng Zhao,Jinyong Deng,Yongzhe Chen

DOI: https://doi.org/10.1109/EIECS59936.2023.10435492

2023-01-01

Abstract:As an important part of the information age, network security has been concerned. Industrial control system is an indispensable part of modern production process, but it is also facing the threat from cyber-attacks. Intrusion detection system is an indispensable part of the industrial control system security defense system. It detects the attack data by monitoring the real-time status of network traffic. This paper offers an intrusion detection approach based on parallel CNN-LSTM with self-attention mechanism in accordance with the features of industrial control system network traffic, using the UNSW-NB15 dataset as the research object. After experimental analysis, the accuracy, recall and F1 value are 98.66%, 95.88% and 95.91% and The FPR and FAR are 2.28% and 2.23%. Compared with other intrusion detection models, the proposed method has better performance.

Bakht Sher Ali,Inam Ullah,Tamara Al Shloul,Izhar Ahmed Khan,Ijaz Khan,Yazeed Yasin Ghadi,Akmalbek Abdusalomov,Rashid Nasimov,Khmaies Ouahada,Habib Hamam

DOI: https://doi.org/10.1007/s11227-023-05764-5

2024-01-01

Abstract:The growing volume of data, especially in cases of imbalanced datasets, has posed significant challenges in the classification process, particularly when it comes to identifying cyberattacks on industrial control systems (ICS) networks, which have been a source of concern due to the significant destructive impact of viruses such as Slammer, worms, Stuxnet, Duqu, Seismic Net, and Flame on critical infrastructures in various countries. The key challenge is constructing the intrusion detection system (IDS) framework to deal with imbalanced datasets. Many researchers work especially on binary classification, but multi-classification is a more challenging and still active research area. To deal with the multi-class imbalanced classification problem, we outline an instance-based intrusion detection technique named ICS-IDS, for intrusion detection in ICS systems specific to SCADA networks. The developed technique consists of two core components, the data preparation component, and the detection component. The data preparation component uses the normalization, Fisher Discriminant Analysis, and k-neighbor’s method to scale the data, reduce the dimensionality, and resample the dataset, respectively. To learn the latent representations and discern harmful vectors from attacked data, the detection/recognition component leverages an efficient instance-based learner. The proposed ICS-IDS model outperforms existing attractive methods in detecting sophisticated attack vectors in ICS data, achieving 99% accuracy and 99% detection rates (DR) on an industrial network dataset. This proves the methodology's practicality for implementing security in real-world ICS networks.

Frantzy Mesadieu,Damiano Torre,Anitha Chennameneni

DOI: https://doi.org/10.1109/access.2024.3390722

IF: 3.9

2024-05-10

IEEE Access

Abstract:The prevalence of cyber-attacks perpetrated over the last two decades, including coordinated attempts to breach targeted organizations, has drastically and systematically exposed some of the more critical vulnerabilities existing in our cyber ecosystem. Particularly in Supervisory Control and Data Acquisition (SCADA) systems with targeted attacks aiming to bypass signature-based protocols, attempting to gain control over operational processes. In the past, researchers utilized deep learning and reinforcement learning algorithms to mitigate threats against industrial control systems (ICS). However, as technology evolves, these techniques become ineffective in monitoring and enhancing the cybersecurity defenses of those system against unwanted attacks. To address these concerns, we propose a deep reinforcement learning (DRL) framework for anomaly detection in the SCADA network. Our model utilizes a "Q-network", which allows it to achieve state-of-the-art performance in pattern recognition from complex tasks. We validated our solution on two publicly available datasets. The WUSTL-IIoT-2018 and the WUSTL-IIoT-2021, each comprised of twenty-five networking features representing benign and attack traffic. The results obtained shows that our model successfully achieved an accuracy of 99.36% in attack detection, highlighting DRL's potential to enhance the security of critical infrastructure and laying the foundation for future research in this domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdulrahman Mahmoud Eid,Bassel Soudan,Ali Bou Nassif,MohammadNoor Injadat

DOI: https://doi.org/10.1007/s00521-024-09857-x

2024-05-11

Neural Computing and Applications

Abstract:This work introduces an intrusion detection system (IDS) tailored for industrial internet of things (IIoT) environments based on an optimized convolutional neural network (CNN) model. The model is trained on a dataset that was balanced using a novel multi-class implementation of synthetic minority over-sampling technique (SMOTE) that ensures equal representation of all classes. Additionally, systematic optimization will be used to fine tune the hyperparameters of the CNN model and mitigate the effects of the increased size of the training dataset. Evaluation results will demonstrate substantial improvement in performance when the optimized CNN model is trained on the balanced dataset. The proposed IDS will be evaluated using the IIoT-specific WUSTL-IIOT-2021 dataset, and then its generalization capability will be verified using the non-domain specific UNSW_NB15 dataset. The model's performance will be evaluated using accuracy, precision, recall, and F 1-score metrics. The results will demonstrate that the proposed IDS is highly effective with performance exceeding 99.9% on all performance metrics. The IDS is also highly effective in detecting intrusion for generic IT networks achieving improvements in excess of 30% compared to the default baseline model. The results emphasize the versatility and effectiveness of the proposed IDS model, making it a reliable and adaptable solution for enhancing network security across diverse network environments.

computer science, artificial intelligence

Ahsan Al Zaki Khan,Gursel Serpen

DOI: https://doi.org/10.48550/arXiv.2012.09707

2020-12-18

Abstract:In this paper, we present a study that proposes a three-stage classifier model which employs a machine learning algorithm to develop an intrusion detection and identification system for tens of different types of attacks against industrial SCADA networks. The machine learning classifier is trained and tested on the data generated using the laboratory prototype of a gas pipeline SCADA network. The dataset consists of three attack groups and seven different attack classes or categories. The same dataset further provides signatures of 35 different types of sub-attacks which are related to those seven attack classes. The study entailed the design of three-stage machine learning classifier as a misuse intrusion detection system to detect and identify specifically each of the 35 attack subclasses. The first stage of the classifier decides if a record is associated with normal operation or an attack signature. If the record is found to belong to an attack signature, then in the second stage, it is classified into one of seven attack classes. Based on the identified attack class as determined by the output from the second stage classifier, the attack record is provided for a third stage sub-attack classification, where seven different classifiers are employed. The output from the third stage classifier identifies the sub-attack type to which the record belongs. Simulation results indicate that designs exploring specialization to domains or executing the classification in multiple stages versus single-stage designs are promising for problems where there are tens of classes. Comparison with studies in the literature also indicated that the multi-stage classifier performed markedly better.

Cryptography and Security

Azriel Henry,Sunil Gautam,Samrat Khanna,Khaled Rabie,Thokozani Shongwe,Pronaya Bhattacharya,Bhisham Sharma,Subrata Chowdhury

DOI: https://doi.org/10.3390/s23020890

IF: 3.9

2023-01-13

Sensors

Abstract:Recently, with the massive growth of IoT devices, the attack surfaces have also intensified. Thus, cybersecurity has become a critical component to protect organizational boundaries. In networks, Intrusion Detection Systems (IDSs) are employed to raise critical flags during network management. One aspect is malicious traffic identification, where zero-day attack detection is a critical problem of study. Current approaches are aligned towards deep learning (DL) methods for IDSs, but the success of the DL mechanism depends on the feature learning process, which is an open challenge. Thus, in this paper, the authors propose a technique which combines both CNN, and GRU, where different CNN–GRU combination sequences are presented to optimize the network parameters. In the simulation, the authors used the CICIDS-2017 benchmark dataset and used metrics such as precision, recall, False Positive Rate (FPR), True Positive Rate (TRP), and other aligned metrics. The results suggest a significant improvement, where many network attacks are detected with an accuracy of 98.73%, and an FPR rate of 0.075. We also performed a comparative analysis with other existing techniques, and the obtained results indicate the efficacy of the proposed IDS scheme in real cybersecurity setups.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Wu Wang,Fouzi Harrou,Benamar Bouyeddou,Sidi-Mohammed Senouci,Ying Sun

DOI: https://doi.org/10.1007/s10586-021-03426-w

2021-10-05

Cluster Computing

Abstract:Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted in remote monitoring large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyberattacks, making the detection task using the conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls, and antivirus software, are not appropriate for fully protecting SCADA systems because they have distinct specifications. Thus, accurately detecting cyber-attacks in critical SCADA systems is undoubtedly indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that already detoured traditional IDS and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline are used to evaluate the proposed method's performance. The results of this investigation show the satisfying detection performance of the proposed stacked deep learning approach. This study also showed that the proposed approach outperformed the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate the feature importance of the cyber-attacks detection process using the Random Forest procedure, which helps design more parsimonious models.

Hanan Hindy,David Brosset,Ethan Bayne,Amar Seeam,Xavier Bellekens

DOI: https://doi.org/10.1007/978-3-030-12786-2_1

2019-03-06

Abstract:Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work focuses on notifying the operator when an anomaly occurs with a probability of the event occurring. This additional information helps in accelerating the mitigation process. The model is trained and tested using a real-world dataset.

Cryptography and Security,Machine Learning

N. Neha,S. Priyanga,Suresh Seshan,R. Senthilnathan,V. S. Shankar Sriram

DOI: https://doi.org/10.1007/978-981-15-0146-3_88

2020-01-01

Abstract:Supervisory control and data acquisition (SCADA) systems monitor and control the critical infrastructures (CI) such as power generation, smart grids, oil–gas pipelines, wastewater management, and nuclear power plant. Due to the drastic increase in cyber attacks, maintaining SCADA systems has become a complex task. Difficulty in securing the SCADA has gained the attention of researchers in designing a robust intrusion detection system (IDS). However, existing machine-learning and statistical approaches fail to detect the cyber physical attacks with high detection rate. This paper presents a sine-cosine optimization based recurrent neural network (SCO-RNN) to detect the cyber physical attacks against SCADA systems and the performance of the proposed SCO-RNN was validated using the Secure Water Treatment (SWaT) dataset in terms of accuracy and detection rate.

Umesh Kumar Lilhore,Poongodi Manoharan,Sarita Simaiya,Roobaea Alroobaea,Majed Alsafyani,Abdullah M. Baqasah,Surjeet Dalal,Ashish Sharma,Kaamran Raahemifar

DOI: https://doi.org/10.3390/s23187856

IF: 3.9

2023-09-14

Sensors

Abstract:Industrial automation systems are undergoing a revolutionary change with the use of Internet-connected operating equipment and the adoption of cutting-edge advanced technology such as AI, IoT, cloud computing, and deep learning within business organizations. These innovative and additional solutions are facilitating Industry 4.0. However, the emergence of these technological advances and the quality solutions that they enable will also introduce unique security challenges whose consequence needs to be identified. This research presents a hybrid intrusion detection model (HIDM) that uses OCNN-LSTM and transfer learning (TL) for Industry 4.0. The proposed model utilizes an optimized CNN by using enhanced parameters of the CNN via the grey wolf optimizer (GWO) method, which fine-tunes the CNN parameters and helps to improve the model's prediction accuracy. The transfer learning model helps to train the model, and it transfers the knowledge to the OCNN-LSTM model. The TL method enhances the training process, acquiring the necessary knowledge from the OCNN-LSTM model and utilizing it in each next cycle, which helps to improve detection accuracy. To measure the performance of the proposed model, we conducted a multi-class classification analysis on various online industrial IDS datasets, i.e., ToN-IoT and UNW-NB15. We have conducted two experiments for these two datasets, and various performance-measuring parameters, i.e., precision, F-measure, recall, accuracy, and detection rate, were calculated for the OCNN-LSTM model with and without TL and also for the CNN and LSTM models. For the ToN-IoT dataset, the OCNN-LSTM with TL model achieved a precision of 92.7%; for the UNW-NB15 dataset, the precision was 94.25%, which is higher than OCNN-LSTM without TL.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation