Shili Yan,Bing Tang,Qing Yang,Yijia He,Xiaoyuan Zhang

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom57177.2022.00082

2022-01-01

Abstract:To ensure the stability and reliability of service quality, large Internet companies need to closely monitor various KPIs (Key Performance Indicators, such as network throughput, CPU usages) and trigger timely troubleshooting or mitigation when any anomaly occurs. However, the diversity and complexity of anomalies bring great challenges to this work, especially when there is no manual label and low delay is required. In this paper, we propose HS-VAE (Highly Sensitive Variational Auto-Encoders), an unsupervised, robust algorithm based on CVAE (Conditional Variational Auto-Encoders) with high sensitivity to anomalies for KPIs, which contains mainly 3 parts: a simple but important data filter before training, improved conditional VAE with two dropout layers and adjusted anomaly detection method based on reconstruction probability. Our experiments using real-world data show that, HS-VAE's best F1-score ranges from 0.91 to 0.98. In addition, HS- VAE is excellent in sensitivity to anomaly and works well even with low latency requirements.

Daniel Fährmann,Naser Damer,Florian Kirchbuchner,Arjan Kuijper

DOI: https://doi.org/10.3390/s22082886

IF: 3.9

2022-04-09

Sensors

Abstract:Heterogeneous cyberattacks against industrial control systems (ICSs) have had a strong impact on the physical world in recent decades. Connecting devices to the internet enables new attack surfaces for attackers. The intrusion of ICSs, such as the manipulation of industrial sensory or actuator data, can be the cause for anomalous ICS behaviors. This poses a threat to the infrastructure that is critical for the operation of a modern city. Nowadays, the best techniques for detecting anomalies in ICSs are based on machine learning and, more recently, deep learning. Cybersecurity in ICSs is still an emerging field, and industrial datasets that can be used to develop anomaly detection techniques are rare. In this paper, we propose an unsupervised deep learning methodology for anomaly detection in ICSs, specifically, a lightweight long short-term memory variational auto-encoder (LW-LSTM-VAE) architecture. We successfully demonstrate our solution under two ICS applications, namely, water purification and water distribution plants. Our proposed method proves to be efficient in detecting anomalies in these applications and improves upon reconstruction-based anomaly detection methods presented in previous work. For example, we successfully detected 82.16% of the anomalies in the scenario of the widely used Secure Water Treatment (SWaT) benchmark. The deep learning architecture we propose has the added advantage of being extremely lightweight.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yanqing Yang,Kangfeng Zheng,Bin Wu,Yixian Yang,Xiujuan Wang

DOI: https://doi.org/10.1109/access.2020.2977007

IF: 3.9

2020-01-01

IEEE Access

Abstract:To explore the advantages of adversarial learning and deep learning, we propose a novel network intrusion detection model called SAVAER-DNN, which can not only detect known and unknown attacks but also improve the detection rate of low-frequent attacks. SAVAER is a supervised variational auto-encoder with regularization, which uses WGAN-GP instead of the vanilla GAN to learn the latent distribution of the original data. SAVAER's decoder is used to synthesize samples of low-frequent and unknown attacks, thereby increasing the diversity of training samples and balancing the training data set. SAVAER's encoder is used to initialize the weights of the hidden layers of the DNN and explore high-level feature representations of the original samples. The benchmark NSL-KDD (KDDTest+), NSL-KDD (KDDTest-21) and UNSW-NB15 datasets are used to evaluate the performance of the proposed model. The experimental results show that the proposed SAVAER-DNN is more suitable for data augmentation than the other three well-known data oversampling methods. Moreover, the proposed SAVAER-DNN outperforms eight well-known classification models in detection performance and is more effective in detecting low-frequent and unknown attacks. Furthermore, compared with other state-of-the-art intrusion detection models reported in the IDS literature, the proposed SAVAER-DNN offers better performance in terms of overall accuracy, detection rate, F1 score, and false positive rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yanqing Yang,Kangfeng Zheng,Chunhua Wu,Yixian Yang

DOI: https://doi.org/10.3390/s19112528

IF: 3.9

2019-06-02

Sensors

Abstract:Intrusion detection systems play an important role in preventing security threats and protecting networks from attacks. However, with the emergence of unknown attacks and imbalanced samples, traditional machine learning methods suffer from lower detection rates and higher false positive rates. We propose a novel intrusion detection model that combines an improved conditional variational AutoEncoder (ICVAE) with a deep neural network (DNN), namely ICVAE-DNN. ICVAE is used to learn and explore potential sparse representations between network data features and classes. The trained ICVAE decoder generates new attack samples according to the specified intrusion categories to balance the training data and increase the diversity of training samples, thereby improving the detection rate of the imbalanced attacks. The trained ICVAE encoder is not only used to automatically reduce data dimension, but also to initialize the weight of DNN hidden layers, so that DNN can easily achieve global optimization through back propagation and fine tuning. The NSL-KDD and UNSW-NB15 datasets are used to evaluate the performance of the ICVAE-DNN. The ICVAE-DNN is superior to the three well-known oversampling methods in data augmentation. Moreover, the ICVAE-DNN outperforms six well-known models in detection performance, and is more effective in detecting minority attacks and unknown attacks. In addition, the ICVAE-DNN also shows better overall accuracy, detection rate and false positive rate than the nine state-of-the-art intrusion detection methods.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chang Liu,Ruslan Antypenko,Iryna Sushko,Oksana Zakharchenko,Chang Liu,Ruslan Antypenko,Iryna Sushko,Oksana Zakharchenko

DOI: https://doi.org/10.1109/tr.2022.3164877

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:Industrial Internet of Things (IoT) is the most rapidly developing industry in the current IoT industry, and the intrusion detection system (IDS) remains one of the key technologies for industrial IoT security protection. Researchers have considered applying algorithms such as machine learning and deep learning to network IDSs to cope with complex and changing network environments and to automatically extract key features from high-dimensional feature data. However, in the real industrial IoT environment, data imbalance is the main factor that affects the performance of the deep-learning-based IDS. In this article, we study the network intrusion detection model based on data level. Three data-based research schemes are constructed step by step in this article, which are a data augmentation scheme based on the variational autoencoder (VAE), a data-balancing scheme based on the conditional VAE, and a data-balancing scheme based on random undersampling and conditional VAE. The three data-level-based schemes are combined with the deep-learning-based IDS. In this article, we build experiments based on the CSE-CIC-IDS2018 dataset to verify the effectiveness of three data processing schemes. After data enhancement through the third scheme, the Macro-F1-score of the convolutional-neural-network-based IDS model improved by 3.75% and the Macro-F1-score of the gated-recurrent-unit-based IDS model improved by 5.32%.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Jian Yang,Xiang Chen,Shuangwu Chen,Xiaofeng Jiang,Xiaobin Tan

DOI: https://doi.org/10.1109/tifs.2021.3083422

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Promptly discovering unknown network attacks is critical for reducing the risk of major loss imposed on organizations and information infrastructure. This paper aims at developing an intelligent intrusion detection system capable of classifying known attacks as well as inferring unknown ones. To achieve this, we formulate the problem of fine-grained known/unknown intrusion detection as a two-stage minimization problem, where the first stage is to seek a score measure for minimizing the empirical risk of misclassifying the known attacks, while the second stage is to find another score measure for minimizing the identification risk of inferring unknown attacks. The hierarchical nature of problem formulation allows us to employ the class conditioned auto-encoders to construct a hierarchical intrusion detection framework. Since the reconstruction errors of unknown attacks are generally higher than that of the known attacks, we further employ extreme value theory in the second stage to model the distribution of reconstruction errors for differentiating known/unknown attack. To further reduce the false positive rate, we add a benign clustering module for learning the multimodal distribution of benign traffic. We conduct an experiment on two widely used datasets for assessing intrusion detection. The results show that the proposed method improves the detection rate of unknown attacks while keeping a low false positive rate.

computer science, theory & methods,engineering, electrical & electronic

Xing Xu,Jie Li,Yang Yang,Fumin Shen

DOI: https://doi.org/10.1109/jiot.2020.3034621

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Intrusion detection is an important technique that can provide solid protection for the network equipment against the security attacks. However, the attacks are usually unbalanced in different types and the attacks of unknown classes may also occur with the growth of Internet construction. In this case, the traditional machine learning-based intrusion detection methods usually have inferior detection accuracy and high false-positive rates. To tackle this problem, in this article, we propose a novel deep learning-based intrusion detection method named log-cosh conditional variational autoencoder (LCVAE). It inherits the capability of the conditional variational autoencoder (CVAE) that can capture the complex distribution of observed data and generate new data with prespecified classes. Different from the traditional CVAE, to better model the discrete property in the intrusion data, we design an effective loss term using the log hyperbolic cosine (log-cosh) function in the proposed LCVAE method. It can well balance the generation and reconstruction procedures and is more effective to generate diverse intrusion data for the imbalanced classes. To improve the detection accuracy, we utilize the classification based on convolutional neural network to perform feature extraction and classification based on the observed and generated intrusion data. We conduct extensive experiments on the challenging data set NSL-KDD with large-scale intrusion data. The results show that the superior detection performance of the proposed LCVAE method comparing with several state-of-the-art intrusion detection methods, and also demonstrate the potentiality of generating new intrusion data with promising diversity.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jie Wang,Pengfei Li,Weiqiang Kong,Ran An

DOI: https://doi.org/10.3390/math10162872

IF: 2.4

2022-08-12

Mathematics

Abstract:With the rapid development of network technologies, the network security of industrial control systems has aroused widespread concern. As a defense mechanism, an ideal intrusion detection system (IDS) can effectively detect abnormal behaviors in a system without affecting the performance of the industrial control system (ICS). Many deep learning methods are used to build an IDS, which rely on massive numbers of variously labeled samples for model training. However, network traffic is imbalanced, and it is difficult for researchers to obtain sufficient attack samples. In addition, the attack variants are rich, and constructing all possible attack types in advance is impossible. In order to overcome these challenges and improve the performance of an IDS, this paper presents a novel intrusion detection approach which integrates a one-dimensional convolutional autoencoder (1DCAE) and support vector data description (SVDD) for the first time. For the two-stage training process, 1DCAE fails to retain the key features of intrusion detection and SVDD has to add restrictions, so a joint optimization solution is introduced. A three-stage optimization process is proposed to obtain better performance. Experiments on the benchmark intrusion detection dataset NSL-KDD show that the proposed method can effectively detect various unknown attacks, learning with only normal traffic. Compared with the recent state-of-art intrusion detection baselines, the proposed method is improved in most metrics.

mathematics

Andrea Pinto,Luis-Carlos Herrera,Yezid Donoso,Jairo A. Gutierrez

DOI: https://doi.org/10.1007/s44196-024-00644-z

IF: 2.259

2024-09-11

International Journal of Computational Intelligence Systems

Abstract:Traditional security detection methods face challenges in identifying zero-day attacks in critical infrastructures (CIs) integrated with the industrial internet of things (IIoT). These attacks exploit unknown vulnerabilities and are difficult to detect due to their connection to physical systems. The integration of legacy ICS networks with modern computing and networking technologies has significantly expanded the attack surface, making these systems more susceptible to cyber-attacks. Despite existing security measures, attackers continually find ways to breach these operating networks. Anomaly detection systems are critical in protecting these CIs from current cyber threats. This study investigates the effectiveness of unsupervised anomaly detection models in detecting operational anomalies that could lead to cyber-attacks, thereby disrupting and negatively impacting quality of life. We preprocess the data with a focus on cybersecurity and chose the SWAT dataset because it accurately represents the types of attack vectors that critical infrastructures commonly encounter. We evaluated the performance of isolation forest (IF), local outlier factor (LOF), one-class SVM (OCSVM), and Autoencoder algorithms—trained exclusively on normal data—in enhancing cybersecurity within IIoT environments. Our comprehensive analysis includes an assessment of each model's detection capabilities. The findings highlight the VAE-LSTM model's potential to identify cyber-attacks within seconds in a high-frequency dataset, suggesting near real-time detection capability. The final model combines the reconstruction ability of the variational autoencoder (VAE) with regularization using the Kullback–Leibler divergence, reflecting the non-Gaussian nature of industrial system data. Our model successfully detected 23 out of 26 attack scenarios in the SWAT dataset, demonstrating its effectiveness in improving the security of IIoT-based CIs.

computer science, artificial intelligence, interdisciplinary applications

Trieu-Phong Nguyen,Jeongho Cho,Daehee Kim

DOI: https://doi.org/10.1016/j.knosys.2024.112563

IF: 8.139

2024-10-02

Knowledge-Based Systems

Abstract:Despite the affordability, simplicity, and efficiency of controller area network (CAN) protocols, the security vulnerability remains a major challenge. Currently, a machine learning-based intrusion detection system (IDS) is considered an effective approach for improving security in CAN by identifying malicious attacks. However, earlier studies that relied on supervised learning methods required considerable amounts of labeled data. Data collection from vehicles is time-consuming and expensive. Furthermore, the obtained data exhibited a class imbalance, which presents further challenges in the analysis and model training. Thus, we propose a semi-supervised learning-based IDS that combines variational autoencoder (VAE) and adversarial reinforcement learning for the multi-class classification of both known and unknown attacks. The proposed system capitalizes on the diverse patterns inherent in unlabeled data, transforming this data space into one that is more conducive to classification. Concurrently, adversarial agents in the reinforcement learning algorithm interact competitively, progressively enhancing their ability to intelligently classify and select samples. To reduce the reliance on labeled data and effectively exploit them, we utilize a pseudo-labeling process for pre-training. Experimental results indicate that the proposed model achieves more effective classification while requiring less labeled data compared to other baseline models for known attacks. By inheriting the advantages of VAE, promising results demonstrate that the proposed system detects unknown attacks containing similar or completely different characteristics with high F1 scores exceeding 0.9 and 0.84, respectively. Finally, the proposed system was demonstrated to be a lightweight model for the expeditious detection of malevolent messages introduced into in-vehicle networks to ensure minimal latency.

computer science, artificial intelligence

Phai Vu Dinh,Quang Uy Nguyen,Dinh Thai Hoang,Diep N. Nguyen,Son Pham Bao,Eryk Dutkiewicz

2023-12-05

Abstract:Intrusion detection systems (IDSs) play a critical role in protecting billions of IoT devices from malicious attacks. However, the IDSs for IoT devices face inherent challenges of IoT systems, including the heterogeneity of IoT data/devices, the high dimensionality of training data, and the imbalanced data. Moreover, the deployment of IDSs on IoT systems is challenging, and sometimes impossible, due to the limited resources such as memory/storage and computing capability of typical IoT devices. To tackle these challenges, this article proposes a novel deep neural network/architecture called Constrained Twin Variational Auto-Encoder (CTVAE) that can feed classifiers of IDSs with more separable/distinguishable and lower-dimensional representation data. Additionally, in comparison to the state-of-the-art neural networks used in IDSs, CTVAE requires less memory/storage and computing power, hence making it more suitable for IoT IDS systems. Extensive experiments with the 11 most popular IoT botnet datasets show that CTVAE can boost around 1% in terms of accuracy and Fscore in detection attack compared to the state-of-the-art machine learning and representation learning methods, whilst the running time for attack detection is lower than 2E-6 seconds and the model size is lower than 1 MB. We also further investigate various characteristics of CTVAE in the latent space and in the reconstruction representation to demonstrate its efficacy compared with current well-known methods.

Machine Learning,Cryptography and Security

Wenbin Yao,Longcan Hu,Yingying Hou,Xiaoyong Li

DOI: https://doi.org/10.3390/s23084141

IF: 3.9

2023-04-21

Sensors

Abstract:Network intrusion detection technology is key to cybersecurity regarding the Internet of Things (IoT). The traditional intrusion detection system targeting Binary or Multi-Classification can detect known attacks, but it is difficult to resist unknown attacks (such as zero-day attacks). Unknown attacks require security experts to confirm and retrain the model, but new models do not keep up to date. This paper proposes a Lightweight Intelligent NIDS using a One-Class Bidirectional GRU Autoencoder and Ensemble Learning. It can not only accurately identify normal and abnormal data, but also identify unknown attacks as the type most similar to known attacks. First, a One-Class Classification model based on a Bidirectional GRU Autoencoder is introduced. This model is trained with normal data, and has high prediction accuracy in the case of abnormal data and unknown attack data. Second, a multi-classification recognition method based on ensemble learning is proposed. It uses Soft Voting to evaluate the results of various base classifiers, and identify unknown attacks (novelty data) as the type most similar to known attacks, so that exception classification becomes more accurate. Experiments are conducted on WSN-DS, UNSW-NB15, and KDD CUP99 datasets, and the recognition rates of the proposed models in the three datasets are raised to 97.91%, 98.92%, and 98.23% respectively. The results verify the feasibility, efficiency, and portability of the algorithm proposed in the paper.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Wenli Shang,Jiawei Qiu,Haotian Shi,Shuang Wang,Lei Ding,Yanjun Xiao

DOI: https://doi.org/10.1155/2024/5459452

IF: 8.993

2024-06-04

International Journal of Intelligent Systems

Abstract:Industrial control systems (ICSs), as critical national infrastructures, are increasingly susceptible to sophisticated security threats. To address this challenge, our study introduces the CAE‐T, a deep convolutional autoencoding transformer network designed for efficient anomaly detection and real‐time fault monitoring in ICS. The CAE‐T utilizes unsupervised deep learning, employing a convolutional autoencoder for spatial feature extraction from multidimensional time‐series data, and combines this with a transformer architecture to capture long‐term temporal dependencies. The design of the model facilitates rapid training and inference, while its dual‐component approach, utilizing an optimization function based on support vector data description (SVDD), enhances detection accuracy. This integration synergistically combines spatiotemporal feature extraction, significantly improving the robustness and precision of anomaly detection in ICS environments. The CAE‐T model demonstrated notable performance enhancements across three industrial control system datasets. Notably, the CAE‐T model achieved approximately a 70.8% increase in F1 score and a 9.2% rise in AUC on the WADI dataset. On the SWaT dataset, the model showed improvements of approximately 2.8% in F1 score and 5% in AUC. The power system dataset saw more modest gains, with an approximately 0.1% uptick in F1 score and a 1% increase in AUC. These improvements validate the CAE‐T model's efficacy and robustness in anomaly detection across various scenarios.

computer science, artificial intelligence

Thien-Nu Hoang,Daehee Kim

DOI: https://doi.org/10.48550/arXiv.2204.01193

2022-04-04

Abstract:With the development of autonomous vehicle technology, the controller area network (CAN) bus has become the de facto standard for an in-vehicle communication system because of its simplicity and efficiency. However, without any encryption and authentication mechanisms, the in-vehicle network using the CAN protocol is susceptible to a wide range of attacks. Many studies, which are mostly based on machine learning, have proposed installing an intrusion detection system (IDS) for anomaly detection in the CAN bus system. Although machine learning methods have many advantages for IDS, previous models usually require a large amount of labeled data, which results in high time and labor costs. To handle this problem, we propose a novel semi-supervised learning-based convolutional adversarial autoencoder model in this paper. The proposed model combines two popular deep learning models: autoencoder and generative adversarial networks. First, the model is trained with unlabeled data to learn the manifolds of normal and attack patterns. Then, only a small number of labeled samples are used in supervised training. The proposed model can detect various kinds of message injection attacks, such as DoS, fuzzy, and spoofing, as well as unknown attacks. The experimental results show that the proposed model achieves the highest F1 score of 0.99 and a low error rate of 0.1\% with limited labeled data compared to other supervised methods. In addition, we show that the model can meet the real-time requirement by analyzing the model complexity in terms of the number of trainable parameters and inference time. This study successfully reduced the number of model parameters by five times and the inference time by eight times, compared to a state-of-the-art model.

Cryptography and Security

Hajar Hameed Addeen,Yang Xiao,Tieshan Li

DOI: https://doi.org/10.1109/access.2024.3384295

IF: 3.9

2024-04-09

IEEE Access

Abstract:Modern technologies adopt Internet of Things (IoT) devices to increase water management efficiency and enhance water quality services. However, the limitations of IoT devices, such as small sizes and poor security, weaken the Water Distribution System (WDS) security, and many attackers compromise the critical components of WDS. Cyber-physical attacks (CPAs) are considered one of the biggest challenges that decrease the security factors in WDS by disrupting normal operations and tampering with the critical data of the water system. For instance, an attacker can change the water pump's speed, disrupting the service. An attacker can also alter the data of water quality parameters to contaminate the water. It is important to propose solutions to increase security in the WDS and defend against CPAs and security threats. Although several intrusion detection methods were proposed in the literature to detect WDS CPAs, many issues still need solutions, such as detecting attacks with smaller false alarms, minimizing the time to disclose the attacks, determining the location of the compromising components, and recovering solutions for the attacked components. Therefore, this paper proposes a model based on a deep learning algorithm called a Conditional variational Autoencoder (CVAE) to disclose CPAs and mitigate their bad effects on WDS. The proposed method consists of a neural network, an encoder to compress data, and a decoder to decompress data. The objective goal is to minimize the reconstruction error between the encoded-decoded data and the initial data. We apply the CVAE on some well-known datasets. The experiment results show that our proposed CVAE method performs better than others. After analyzing the CVAE model with other existing models, we get the highest performance by reaching %98 accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chaofei Tang,Nurbol Luktarhan,Yuxin Zhao

DOI: https://doi.org/10.3390/sym12091458

2020-09-04

Symmetry

Abstract:Due to the insidious characteristics of network intrusion behaviors, developing an efficient intrusion detection system is still a big challenge, especially in the era of big data where the number of traffic and the dimension of each traffic feature are high. Because of the shortcomings of traditional common machine learning algorithms in network intrusion detection, such as insufficient accuracy, a network intrusion detection system based on LightGBM and autoencoder (AE) is proposed. The LightGBM-AE model proposed in this paper includes three steps: data preprocessing, feature selection, and classification. The LightGBM-AE model adopts the LightGBM algorithm for feature selection, and then uses an autoencoder for training and detection. When a set of data containing network intrusion behaviors are inputted into an autoencoder, there is a large reconstruction error between the original input data and the reconstructed data obtained by the autoencoder, which provides a basis for intrusion detection. According to the reconstruction error, an appropriate threshold is set to distinguish symmetrically between normal behavior and attack behavior. The experiment is carried out on the NSL-KDD dataset and implemented using Pytorch. In addition to autoencoder, variational autoencoder (VAE) and denoising autoencoder (DAE) are also used for intrusion detection and are compared with existing machine learning algorithms such as Decision Tree, Random Forest, KNN, GBDT, and XGBoost. The evaluation is carried out through classification evaluation indexes such as accuracy, precision, recall, F1-score. The experimental results show that the method can efficiently separate the attack behavior from normal behavior according to the reconstruction error. Compared with other methods, the effectiveness and superiority of this method are verified.

Xiaokang Zhou,Yiyong Hu,Wei Liang,Jianhua Ma,Qun Jin

DOI: https://doi.org/10.1109/tii.2020.3022432

IF: 12.3

2021-05-01

IEEE Transactions on Industrial Informatics

Abstract:With the increasing population of Industry 4.0, industrial big data (IBD) has become a hotly discussed topic in digital and intelligent industry field. The security problem existing in the signal processing on large scale of data stream is still a challenge issue in industrial internet of things, especially when dealing with the high-dimensional anomaly detection for intelligent industrial application. In this article, to mitigate the inconsistency between dimensionality reduction and feature retention in imbalanced IBD, we propose a variational long short-term memory (VLSTM) learning model for intelligent anomaly detection based on reconstructed feature representation. An encoderdecoder neural network associated with a variational reparameterization scheme is designed to learn the low-dimensional feature representation from high-dimensional raw data. Three loss functions are defined and quantified to constrain the reconstructed hidden variable into a more explicit and meaningful form. A lightweight estimation network is then fed with the refined feature representation to identify anomalies in IBD. Experiments using a public IBD dataset named UNSW-NB15 demonstrate that the proposed VLSTM model can efficiently cope with imbalance and high-dimensional issues, and significantly improve the accuracy and reduce the false rate in anomaly detection for IBD according to F1, area under curve (AUC), and false alarm rate (FAR).

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Shaoqiang Wang,Baosen Zheng,Zhaoyuan Liu,Ziyao Fan,Yubao Liu,Yinfei Dai

DOI: https://doi.org/10.1109/access.2024.3445498

IF: 3.9

2024-01-01

IEEE Access

Abstract:As the connectivity between Electronic Control Units (ECUs) and the external environment intensifies, the security and safeguarding of In-Vehicle Networks (IVNs) have become pressing issues. The Controller Area Network (CAN) bus, the most commonly employed vehicular network protocol, is particularly vulnerable due to its inherent lack of security measures, making it susceptible to various attacks. In this paper, we introduce a novel intrusion detection model for CAN networks, named IVN-ViT. The proposed IVN-ViT model utilizes an enhanced Vision Transformer architecture (Edge-ViT), incorporating self-supervised learning with Cutout data augmentation, Particle Swarm Optimization (PSO) for feature selection, and a fine-tuning strategy that merges Parameter Instance Discrimination (PID) with supervised loss. This not only enhances the model’s convergence speed and predictive accuracy but also meets the lightweight requirements of CAN networks. Experimental results on the "HCRL-car hacking" dataset and the "X-CANIDS" dataset demonstrate that our model achieves over 99% accuracy across all types of attacks. In a simulated vehicular environment, the detection latency for each message averages approximately 1.04ms, fully meeting the first-time requirements of CAN networks. The experiments validate that our proposed method significantly improves model accuracy while ensuring efficient operation within the limited computational resources available in vehicle systems.

Linna Fan,Jiahai Yang,T. Mi

DOI: https://doi.org/10.1007/978-981-15-8411-4_125

2021-01-01

Abstract:Network intrusion system is an important part of maintaining the security of the network. In this paper, we present a novel VAE-based network intrusion system. VAE is used to get a stable latent representation of the input vector to realize the function of dimension reduction. After that, the lower-dimensional latent representation is sent to the random forest classifier to get the final result. We compare our model with baseline method in KDD Cup'99 and NSL-KDD and the evaluation shows that our model outperforms baseline model in accuracy, recall, F-score and false alarm rate. Besides, our model needs much less consuming time and cost lower computational and storage resources which is more suitable for lower resource scenarios.

Weiping Wang,Chunyang Wang,Yongzhen Guo,Manman Yuan,Xiong Luo,Yang Gao

DOI: https://doi.org/10.3389/fenrg.2020.555145

IF: 3.4

2021-01-19

Frontiers in Energy Research

Abstract:Industrial control network is a direct interface between information system and physical control process. Due to the lack of authentication, encryption, and other necessary security protection designs, it has become the main target of malicious attacks under the trend of increasing openness. In order to protect the industrial control systems, we examine the detection of abnormal traffic in industrial control network and propose a method of detecting abnormal traffic in industrial control network based on autoencoder technology. What is more, a new deep autoencoder model was designed to reduce the dimensionality of traffic data in industrial control network. In this article, the Kullback–Leibler divergence was added to the loss function to improve the ability of feature extraction and the ability to recover raw data. Finally, this model was compared with the traditional data dimensionality reduction method (principal component analysis (PCA), independent component analysis, and singular value decomposition) on gas pipeline dataset. The results show that the approach designed in this article outperforms the three methods in different scenes in terms of f 1 score.

energy & fuels