Yanjie Li,Xiaoyu Ji,Chenggang Li,Xiaofeng Xu,Wei Yan,Xu Yan,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.1109/iceiec49280.2020.9152334

2020-01-01

Abstract:In recent years, artificial intelligence has been widely used in the field of network security, which has significantly improved the effect of network security analysis and detection. However, because the power industrial control system is faced with the problem of shortage of attack data, the direct deployment of the network intrusion detection system based on artificial intelligence is faced with the problems of lack of data, low precision, and high false alarm rate. To solve this problem, we propose an anomaly traffic detection method based on cross-domain knowledge transferring. By using the TrAdaBoost algorithm, we achieve a lower error rate than using LSTM alone.

Lu Chen,Tao Zhang,Yuanyuan Ma,Mu Chen

DOI: https://doi.org/10.1109/iist62526.2024.00098

2024-01-01

Abstract:With the increasing complexity, automation, and intelligence of network attacks, new types of attacks are constantly emerging in the network, posing great challenges to network attack detection and timely response based on prior rules. In order to more effectively and accurately identify abnormal traffic, a network abnormal traffic detection algorithm based on improved convolutional neural networks is proposed. The algorithm first inputs the key features of traffic anomaly monitoring, converts them into color images through visualization technology, extracts higher dimensional features, and then uses neural structure search technology to find a lightweight convolutional network structure with high accuracy and less time consumption. The optimal model is used to output the type of traffic anomaly. The results indicate that the algorithm has a higher accuracy and the shortest classification time for a single image.

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

M. P Sujatha,S. Niresh Kumar

DOI: https://doi.org/10.53730/ijhs.v6ns4.9413

2022-06-21

International Journal of Health Sciences

Abstract:Industrial Control Systems (ICSs) are the lifeline of a country. Therefore, the anomaly detection of ICS traffic is an important endeavor. This paper proposes a model based on a deep residual Convolution Neural Network (CNN) to prevent gradient explosion or gradient disappearance and guarantee accuracy. The developed methodology addresses two limitations: most traditional machine learning methods can only detect known network attacks and deep learning algorithms require a long time to train. The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks. One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN. Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training. The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training. Thus, the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.

Jie Wang,Pengfei Li,Weiqiang Kong,Ran An

DOI: https://doi.org/10.3390/math10162872

IF: 2.4

2022-08-12

Mathematics

Abstract:With the rapid development of network technologies, the network security of industrial control systems has aroused widespread concern. As a defense mechanism, an ideal intrusion detection system (IDS) can effectively detect abnormal behaviors in a system without affecting the performance of the industrial control system (ICS). Many deep learning methods are used to build an IDS, which rely on massive numbers of variously labeled samples for model training. However, network traffic is imbalanced, and it is difficult for researchers to obtain sufficient attack samples. In addition, the attack variants are rich, and constructing all possible attack types in advance is impossible. In order to overcome these challenges and improve the performance of an IDS, this paper presents a novel intrusion detection approach which integrates a one-dimensional convolutional autoencoder (1DCAE) and support vector data description (SVDD) for the first time. For the two-stage training process, 1DCAE fails to retain the key features of intrusion detection and SVDD has to add restrictions, so a joint optimization solution is introduced. A three-stage optimization process is proposed to obtain better performance. Experiments on the benchmark intrusion detection dataset NSL-KDD show that the proposed method can effectively detect various unknown attacks, learning with only normal traffic. Compared with the recent state-of-art intrusion detection baselines, the proposed method is improved in most metrics.

mathematics

Congqi Shen,Geyang Xiao,Shaofeng Yao,Boyang Zhou,Zhongxia Pan,Hong Zhang

DOI: https://doi.org/10.1109/spac53836.2021.9539933

2021-01-01

Abstract:Current Industrial Internet faces serious threats where attackers propagate malicious flows, resulting in communication failures in the Industrial Internet. In this work, we propose a practical and novel method to detect malicious traffic attack in real time with high accuracy. Our primary idea is to capture network flow, extract adequate network flow features, construct a long short-term memory (LSTM) based deep learning model, and identify the property of the corresponding network flow. Whether the network suffers attack or not is then determined according to the detection results. The corresponding prototype is also implemented in the Industrial Internet which is equipped with Software Defined Networking (SDN). Experimental results validate that the proposed method is effective in defending against malicious traffic attack in real-world network.

Zhi-Yang,Xiao-jun

2020-01-01

Abstract:Intrusion Detection Algorithm of Power Grid Industrial Control System Based on CNN ZHAO Zhi-Yang, XIA Xiao-Jun (University of Chinese Academy of Sciences, Beijing 100049, China) (Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China) Abstract: Traditional power grid industrial control systems are mainly isolated from external networks through tools such as firewalls, but with the application of new technologies such as cloud computing and the Internet of Things, the degree of interconnection between networks has continued to deepen, and the difficulty of security protection has greatly increased. How to effectively detect network intrusion behavior has become very important. Compared with traditional intrusion detection technology, convolutional neural networks have a better ability to extract intrusion features. This study proposes a power grid industrial control system intrusion detection algorithm based on convolutional neural networks. The KDD99 dataset is processed for model training, and a cascade convolution layer is added to optimize the network structure. Under the premise of small parameter scale, the real-time requirements of the model are guaranteed. Compared with the traditional SVM algorithm and the k-means algorithm, the intrusion detection accuracy of the proposed algorithm in this study is improved, the false detection rate is reduced, and the intrusion behavior to the power grid industrial control system can be effectively detected.

Ankang Chu,Yingxu Lai,Jing Liu

DOI: https://doi.org/10.1155/2019/6757685

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Intrusion detection is essential for ensuring the security of industrial control systems. However, conventional intrusion detection approaches are unable to cope with the complexity and ever-changing nature of industrial intrusion attacks. In this study, we propose an industrial control intrusion detection approach based on a combined deep learning model for communication processes that use the Modbus protocol. Initially, the network packets are classified as carrying information and noncarrying information based on key fields according to the communication protocol used. Next, a template comparison approach is employed to detect the network packets that do not carry any information. Furthermore, an approach based on a GoogLeNet-long short-term memory model is used to detect the network packets that do carry information. This approach involves network packet sequence construction, feature extraction, and time-series level detection. Subsequently, the detected intrusions are classified into multiple categories through a Softmax classifier. A gas pipeline dataset of the Modbus protocol is used to evaluate the proposed approach and compare it with existing strategies. The accuracy, false-positive rate, and miss rate are 97.56%, 2.42%, and 2.51%, respectively, thus confirming that the proposed approach is suitable for intrusion detection in industrial control systems.

Chunjie Zhou,Shuang Huang,Naixue Xiong,Shuang-Hua Yang,Huiyun Li,Yuanqing Qin,Xuan Li

DOI: https://doi.org/10.1109/TSMC.2015.2415763

2015-01-01

Abstract:Industrial process automation is undergoing an increased use of information communication technologies due to high flexibility interoperability and easy administration. But it also induces new security risks to existing and future systems. Intrusion detection is a key technology for security protection. However, traditional intrusion detection systems for the IT domain are not entirely suitable for industrial process automation. In this paper, multiple models are constructed by comprehensively analyzing the multidomain knowledge of field control layers in industrial process automation, with consideration of two aspects: physics and information. And then, a novel multimodel-based anomaly intrusion detection system with embedded intelligence and resilient coordination for the field control system in industrial process automation is designed. In the system, an anomaly detection based on multimodel is proposed, and the corresponding intelligent detection algorithms are designed. Furthermore, to overcome the disadvantages of anomaly detection, a classifier based on an intelligent hidden Markov model, is designed to differentiate the actual attacks from faults. Finally, based on a combination simulation platform using optimized performance network engineering tool, the detection accuracy and the real-time performance of the proposed intrusion detection system are analyzed in detail. Experimental results clearly demonstrate that the proposed system has good performance in terms of high precision and good real-time capability.

Tao Yang,Jinming Wang,Weijie Hao,Qiang Yang,Wenhai Wang

DOI: https://doi.org/10.48550/arXiv.2204.09942

2022-04-21

Cryptography and Security

Abstract:Industrial control systems (ICSs) are facing increasing cyber-physical attacks that can cause catastrophes in the physical system. Efficient anomaly detection models in the industrial sensor networks are essential for enhancing ICS reliability and security, due to the sensor data is related to the operational state of the ICS. Considering the limited availability of computing resources, this paper proposes a hybrid anomaly detection approach in cloud-edge collaboration industrial sensor networks. The hybrid approach consists of sensor data detection models deployed at the edges and a sensor data analysis model deployed in the cloud. The sensor data detection model based on Gaussian and Bayesian algorithms can detect the anomalous sensor data in real-time and upload them to the cloud for further analysis, filtering the normal sensor data and reducing traffic load. The sensor data analysis model based on Graph convolutional network, Residual algorithm and Long short-term memory network (GCRL) can effectively extract the spatial and temporal features and then identify the attack precisely. The proposed hybrid anomaly detection approach is evaluated using a benchmark dataset and baseline anomaly detection models. The experimental results show that the proposed approach can achieve an overall 11.19% increase in Recall and an impressive 14.29% improvement in F1-score, compared with the existing models.

Yibo Hu,Dinghua Zhang,Guoyan Cao,Quan Pan

DOI: https://doi.org/10.1109/smc.2019.8913895

2019-01-01

Abstract:Industrial control system (ICS) security is an important topic in context of Industry 4.0. Due to limited industrial network data and insufficient data analysis, anomaly detection for ICS is hardly to implement to enforce ICS security. The paper analyzes the traditional IT network data and ICS network data, bridges the common knowledge of network flow data feature of the both networks, and transfers the anomaly detection knowledge of traditional IT network into ICS network by means of a designed convolutional neural network (CNN) mechanism. Specific experiments validate the accuracy and reliability of the proposed CNN mechanism.

Wenli Shang,Jiawei Qiu,Haotian Shi,Shuang Wang,Lei Ding,Yanjun Xiao

DOI: https://doi.org/10.1155/2024/5459452

IF: 8.993

2024-06-04

International Journal of Intelligent Systems

Abstract:Industrial control systems (ICSs), as critical national infrastructures, are increasingly susceptible to sophisticated security threats. To address this challenge, our study introduces the CAE‐T, a deep convolutional autoencoding transformer network designed for efficient anomaly detection and real‐time fault monitoring in ICS. The CAE‐T utilizes unsupervised deep learning, employing a convolutional autoencoder for spatial feature extraction from multidimensional time‐series data, and combines this with a transformer architecture to capture long‐term temporal dependencies. The design of the model facilitates rapid training and inference, while its dual‐component approach, utilizing an optimization function based on support vector data description (SVDD), enhances detection accuracy. This integration synergistically combines spatiotemporal feature extraction, significantly improving the robustness and precision of anomaly detection in ICS environments. The CAE‐T model demonstrated notable performance enhancements across three industrial control system datasets. Notably, the CAE‐T model achieved approximately a 70.8% increase in F1 score and a 9.2% rise in AUC on the WADI dataset. On the SWaT dataset, the model showed improvements of approximately 2.8% in F1 score and 5% in AUC. The power system dataset saw more modest gains, with an approximately 0.1% uptick in F1 score and a 1% increase in AUC. These improvements validate the CAE‐T model's efficacy and robustness in anomaly detection across various scenarios.

computer science, artificial intelligence

Qian Wang,He Chen,Yonghui Li,Branka Vucetic

DOI: https://doi.org/10.1109/iciai.2019.8850828

2019-01-01

Abstract:The convergence of operation technology (OT) and information and communication technology (ICT) in industrial control networks presents new challenges for anomaly detection algorithms. Machine learning has achieved great success over the past few years, which has also been considered as one of the popular solutions for anomaly detection in industrial control networks. In this paper, we survey the recent work on anomaly detection for industrial control networks exploiting machine learning techniques. We first summarize major differences between OT and ICT and analyze the corresponding advantages and disadvantages for anomaly detection. Based on the features of the industrial control networks, existing work are classified into data-based learning and industrial network-specified learning methods. We analyze the pros and cons of these two learning methods. We finally point out the promising future work within this research area.

Jun Wang,Changfu Si,Zhen Wang,Qiang Fu

DOI: https://doi.org/10.32604/cmc.2024.050223

2024-01-01

Abstract:Nowadays, with the rapid development of industrial Internet technology, on the one hand, advanced industrial control systems (ICS) have improved industrial production efficiency. However, there are more and more cyber-attacks targeting industrial control systems. To ensure the security of industrial networks, intrusion detection systems have been widely used in industrial control systems, and deep neural networks have always been an effective method for identifying cyber attacks. Current intrusion detection methods still suffer from low accuracy and a high false alarm rate. Therefore, it is important to build a more efficient intrusion detection model. This paper proposes a hybrid deep learning intrusion detection method based on convolutional neural networks and bidirectional long short-term memory neural networks (CNN-BiLSTM). To address the issue of imbalanced data within the dataset and improve the model’s detection capabilities, the Synthetic Minority Over-sampling Technique-Edited Nearest Neighbors (SMOTE-ENN) algorithm is applied in the preprocessing phase. This algorithm is employed to generate synthetic instances for the minority class, simultaneously mitigating the impact of noise in the majority class. This approach aims to create a more equitable distribution of classes, thereby enhancing the model’s ability to effectively identify patterns in both minority and majority classes. In the experimental phase, the detection performance of the method is verified using two data sets. Experimental results show that the accuracy rate on the CICIDS-2017 data set reaches 97.7%. On the natural gas pipeline dataset collected by Lan Turnipseed from Mississippi State University in the United States, the accuracy rate also reaches 85.5%.

Haicheng Qu,Jitao Qin,Wanjun Liu,Hao Chen

DOI: https://doi.org/10.1007/978-3-319-73447-7_48

2017-01-01

Abstract:Cyber security threats of industrial control system have become increasingly sophisticated and complex. In the related intrusion detection, there is a problem that intrusion detection based on network communication behavior cannot fully find out the potential intrusion. The Machine Learning is applied to seek out the abnormal of industrial network. First of all, the supervised learning methods, such as Decision Tree, K-Nearest Neighbors, SVM and so on, were adopted to deal with SCADA network dataset and related discriminated features. Next, an anomaly detection model is built using One-Class classification method, and the effect of the One-Class Classification method in the SCADA network dataset is analyzed from the recall rate, the accuracy rate, the false positive rate and the false negative rate. It is shown that the anomaly detection model constructed by the One-Class Support Vector Machine (OCSVM) method has high accuracy, and the Decision Tree method can commendably detect the intrusion behavior.

Mohammad Shahin,F. Frank Chen,Hamed Bouzary,Ali Hosseinzadeh,Rasoul Rashidifar

DOI: https://doi.org/10.1007/s00170-022-10259-3

IF: 3.563

2022-10-26

The International Journal of Advanced Manufacturing Technology

Abstract:Recently, Internet of things (IoT) devices have been widely implemented and technologically advanced in manufacturing settings to monitor, collect, exchange, analyze, and deliver data. However, this transition has increased the risk of cyber-attacks, exponentially. Subsequently, developing effective intrusion detection systems based on deep learning algorithms has proven to become a reliable intelligence tool to protect Industrial IoT devices against cyber threats. This paper presents the implementation of two different classifications and detection utilizing the long short-term memory (LSTM) architecture to address cybersecurity concerns on three benchmark industrial IoT datasets (BoT-IoT, UNSW-NB15, and TON-IoT) which take advantage of various deep learning algorithms. An overall analysis of the performance of the proposed models is provided. Augmenting the LSTM with convolutional neural network (CNN) and fully convolutional neural network (FCN) achieves state-of-the-art performance in detecting cybersecurity threats.

engineering, manufacturing,automation & control systems

Zhefan Zhang,Zhiheng Zhao,Jinyong Deng,Yongzhe Chen

DOI: https://doi.org/10.1109/EIECS59936.2023.10435492

2023-01-01

Abstract:As an important part of the information age, network security has been concerned. Industrial control system is an indispensable part of modern production process, but it is also facing the threat from cyber-attacks. Intrusion detection system is an indispensable part of the industrial control system security defense system. It detects the attack data by monitoring the real-time status of network traffic. This paper offers an intrusion detection approach based on parallel CNN-LSTM with self-attention mechanism in accordance with the features of industrial control system network traffic, using the UNSW-NB15 dataset as the research object. After experimental analysis, the accuracy, recall and F1 value are 98.66%, 95.88% and 95.91% and The FPR and FAR are 2.28% and 2.23%. Compared with other intrusion detection models, the proposed method has better performance.

Mohammad Shahin,F. Frank Chen,Ali Hosseinzadeh,Hamed Bouzary,Rasoul Rashidifar

DOI: https://doi.org/10.1007/s00170-022-10329-6

IF: 3.563

2022-10-26

The International Journal of Advanced Manufacturing Technology

Abstract:With the rapid advancement of wireless technology, the problem of cybersecurity monitoring and detection of cyber-attacks has been receiving widespread attention from industry and academia. The consequences of an undetected cyber-attack in a manufacturing system are not limited to intellectual property theft and cost. It may include destroying equipment, changing product plans, or altering processes. This paper proposes a deep hybrid learning model to improve network intrusion detection systems. To this end, initially, the data set is normalized and preprocessed. Afterward, deep hybrid learning models integrating Attention-based Long Short Term Memory (ALSTM) and Fully Convolutional Neural Network (FCN) with Gradient Boosting, such as Extreme Gradient Boosting (XGBoost) and Adaptive Boost (AdaBoost) are constructed to detect anomalies in traffic data of industrial internet of things (IoT) devices, successfully. The proposed model managed to detect cybersecurity threats in seven different Industrial Internet of Things (IIoT) devices with high-performance measures. The results reveal that deep hybrid learning can ideally detect cyber-security attacks and be versatile in detecting different types of attacks.

engineering, manufacturing,automation & control systems

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation