Yanjie Li,Xiaoyu Ji,Chenggang Li,Xiaofeng Xu,Wei Yan,Xu Yan,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.1109/iceiec49280.2020.9152334

2020-01-01

Abstract:In recent years, artificial intelligence has been widely used in the field of network security, which has significantly improved the effect of network security analysis and detection. However, because the power industrial control system is faced with the problem of shortage of attack data, the direct deployment of the network intrusion detection system based on artificial intelligence is faced with the problems of lack of data, low precision, and high false alarm rate. To solve this problem, we propose an anomaly traffic detection method based on cross-domain knowledge transferring. By using the TrAdaBoost algorithm, we achieve a lower error rate than using LSTM alone.

Mayra Alexandra Macas Carrasco,Chunming Wu

DOI: https://doi.org/10.1109/icmla.2019.00212

2019-01-01

Abstract:Current Cyber-Physical Systems (CPSs) are sophisticated, complex, and equipped with networked sensors and actuators. As such, they have become further exposed to cyber-attacks. Recent catastrophic events have demonstrated that standard, human-based management of anomaly detection in complex systems is not efficient enough and have underlined the significance of automated detection, intelligent and rapid response. Nevertheless, existing anomaly detection frameworks usually are not capable of dealing with the dynamic and complicated nature of the CPSs. In this study, we introduce an unsupervised framework for anomaly detection based on an Attention-based Spatio-Temporal Autoencoder. In particular, we first construct statistical correlation matrices to characterize the system status across different time steps. Next, a 2D convolutional encoder is employed to encode the patterns of the correlation matrices, whereas an Attention-based Convolutional LSTM Encoder-Decoder (ConvLSTM-ED) is used to capture the temporal dependencies. More precisely, we introduce an input attention mechanism to adaptively select the most significant input features at each time step. Finally, the 2D convolutional decoder reconstructs the correlation matrices. The differences between the reconstructed correlation matrices and the original ones are used as indicators of anomalies. Extensive experimental analysis on data collected from all six stages of Secure Water Treatment (SWaT) testbed, a scaled-down version of a real-world industrial water treatment plant, demonstrates that the proposed model outperforms the state-of-the-art baseline techniques.

Daniel Fährmann,Naser Damer,Florian Kirchbuchner,Arjan Kuijper

DOI: https://doi.org/10.3390/s22082886

IF: 3.9

2022-04-09

Sensors

Abstract:Heterogeneous cyberattacks against industrial control systems (ICSs) have had a strong impact on the physical world in recent decades. Connecting devices to the internet enables new attack surfaces for attackers. The intrusion of ICSs, such as the manipulation of industrial sensory or actuator data, can be the cause for anomalous ICS behaviors. This poses a threat to the infrastructure that is critical for the operation of a modern city. Nowadays, the best techniques for detecting anomalies in ICSs are based on machine learning and, more recently, deep learning. Cybersecurity in ICSs is still an emerging field, and industrial datasets that can be used to develop anomaly detection techniques are rare. In this paper, we propose an unsupervised deep learning methodology for anomaly detection in ICSs, specifically, a lightweight long short-term memory variational auto-encoder (LW-LSTM-VAE) architecture. We successfully demonstrate our solution under two ICS applications, namely, water purification and water distribution plants. Our proposed method proves to be efficient in detecting anomalies in these applications and improves upon reconstruction-based anomaly detection methods presented in previous work. For example, we successfully detected 82.16% of the anomalies in the scenario of the widely used Secure Water Treatment (SWaT) benchmark. The deep learning architecture we propose has the added advantage of being extremely lightweight.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Maged Abdelaty,Roberto Doriguzzi-Corin,Domenico Siracusa

DOI: https://doi.org/10.1109/TETC.2021.3073017

2020-09-14

Abstract:Deep Learning is emerging as an effective technique to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). The conventional approach to detection in literature is to learn the "normal" behaviour of the system, to be then able to label noteworthy deviations from it as anomalies. However, during operations, ICSs inevitably and continuously evolve their behaviour, due to e.g., replacement of devices, workflow modifications, or other reasons. As a consequence, the accuracy of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This paper presents DAICS, a novel deep learning framework with a modular design to fit in large ICSs. The key component of the framework is a 2-branch neural network that learns the changes in the ICS behaviour with a small number of data samples and a few gradient updates. This is supported by an automatic tuning mechanism of the detection threshold that takes into account the changes in the prediction error under normal operating conditions. In this regard, no specialised human intervention is needed to update the other parameters of the system. DAICS has been evaluated using publicly available datasets and shows an increased detection rate and accuracy compared to state of the art approaches, as well as higher robustness to additive noise.

Cryptography and Security

Yuanyuan Wei,Julian Jang-Jaccard,Wen Xu,Fariza Sabrina,Seyit Camtepe,Mikael Boulic

DOI: https://doi.org/10.48550/arXiv.2204.06701

2022-04-14

Abstract:Anomaly detection for indoor air quality (IAQ) data has become an important area of research as the quality of air is closely related to human health and well-being. However, traditional statistics and shallow machine learning-based approaches in anomaly detection in the IAQ area could not detect anomalies involving the observation of correlations across several data points (i.e., often referred to as long-term dependences). We propose a hybrid deep learning model that combines LSTM with Autoencoder for anomaly detection tasks in IAQ to address this issue. In our approach, the LSTM network is comprised of multiple LSTM cells that work with each other to learn the long-term dependences of the data in a time-series sequence. Autoencoder identifies the optimal threshold based on the reconstruction loss rates evaluated on every data across all time-series sequences. Our experimental results, based on the Dunedin CO2 time-series dataset obtained through a real-world deployment of the schools in New Zealand, demonstrate a very high and robust accuracy rate (99.50%) that outperforms other similar models.

Machine Learning,Cryptography and Security

Andrea Pinto,Luis-Carlos Herrera,Yezid Donoso,Jairo A. Gutierrez

DOI: https://doi.org/10.1007/s44196-024-00644-z

IF: 2.259

2024-09-11

International Journal of Computational Intelligence Systems

Abstract:Traditional security detection methods face challenges in identifying zero-day attacks in critical infrastructures (CIs) integrated with the industrial internet of things (IIoT). These attacks exploit unknown vulnerabilities and are difficult to detect due to their connection to physical systems. The integration of legacy ICS networks with modern computing and networking technologies has significantly expanded the attack surface, making these systems more susceptible to cyber-attacks. Despite existing security measures, attackers continually find ways to breach these operating networks. Anomaly detection systems are critical in protecting these CIs from current cyber threats. This study investigates the effectiveness of unsupervised anomaly detection models in detecting operational anomalies that could lead to cyber-attacks, thereby disrupting and negatively impacting quality of life. We preprocess the data with a focus on cybersecurity and chose the SWAT dataset because it accurately represents the types of attack vectors that critical infrastructures commonly encounter. We evaluated the performance of isolation forest (IF), local outlier factor (LOF), one-class SVM (OCSVM), and Autoencoder algorithms—trained exclusively on normal data—in enhancing cybersecurity within IIoT environments. Our comprehensive analysis includes an assessment of each model's detection capabilities. The findings highlight the VAE-LSTM model's potential to identify cyber-attacks within seconds in a high-frequency dataset, suggesting near real-time detection capability. The final model combines the reconstruction ability of the variational autoencoder (VAE) with regularization using the Kullback–Leibler divergence, reflecting the non-Gaussian nature of industrial system data. Our model successfully detected 23 out of 26 attack scenarios in the SWAT dataset, demonstrating its effectiveness in improving the security of IIoT-based CIs.

computer science, artificial intelligence, interdisciplinary applications

Weijie Hao,Tao Yang,Qiang Yang

DOI: https://doi.org/10.1109/tase.2021.3073396

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Critical industrial infrastructures are currently facing increasing cyberspace threats in their underlying information and communication systems. The advanced monitoring, control, and management functionalities of the industrial systems firmly rely on the reliable and secure operations of the industrial control system (ICS) network. This article characterizes the ICS network traffic and presents a scalable and efficient solution for real-time ICS network traffic anomaly detection, considering various forms of ICS anomaly events. The events due to the cyberattacks, malicious operating behaviors, and network anomalies can be effectively detected without sophisticated computational requirements and retrieval of communication protocols. The proposed hybrid statistical-machine learning model integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the abnormal traffic patterns with low false omission rates. The proposed solution is extensively evaluated at a realistic ICS cyber–physical system (CPS) testbed, and the numerical results confirm its high detection accuracy and low computational complexity. Note to Practitioners—This article was motivated by the challenge of real-time anomaly detection in industrial cyber–physical systems (CPSs). The existing industrial control system (ICS) network anomaly detection solutions are generally carried out based on a single model based on the historian database and cannot dynamically classify the abnormal conditions in a real-time fashion. A novel hybrid statistical-machine learning model is developed that integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the anomalous events through traffic pattern analysis. The proposed anomaly detection solution can efficiently provide accurate detection for cyberattacks, malicious operating behaviors, and network anomalies while meeting the real-time requirements of ICS networks. The proposed solution can be deployed in the realistic ICS CPSs, e.g., the power generation system, gas pipeline systems, and urban railway transportation systems. The preliminary numerical results obtained from the ICS-CPS testbed suggested that it can provide high detection accuracy with low computational complexity and, hence, can be adopted with minimal deployment hurdles.

Huazan Liu,Zhenzhou Ji,Chong Li,Kaikai Li

DOI: https://doi.org/10.1109/ICCEA58433.2023.10135289

2023-01-01

Abstract:As the development of the Internet of Things, industrial control network security issues have become more prominent. Anomaly detection technology is an important detection technology for ensuring the network security of industrial control systems, which can issue alarms and block responses before the system is compromised. However, most models currently suffer from problems such as low detection rate, high false positive rate, and inability to locate the anomalies. To address these issues, this paper proposes a multidimensional feature and spectral residual-based industrial control time series anomaly detection method (SRMCAD) to improve the accuracy of anomaly detection while reducing the false positive rate. First, this paper applies the spectral residual method to multidimensional time series anomaly detection in the industrial control domain, and uses the residual data obtained by spectral residual processing instead of the original data as input to the model. Secondly, to address the problem of imprecise device attack localization and high false positive rate in existing industrial control anomaly detection models, this paper designs and implements an industrial control anomaly detection model based on an encoding-decoding architecture, incorporating the idea of system state modeling and using the Mahalanobis distance as the loss function. Experimental results show that SRMCAD has significant advantages over current advanced methods.

Xin Du,Chunjie Zhou,Yu-Chu Tian,Kunkun Wang

DOI: https://doi.org/10.1109/jsen.2024.3384275

IF: 4.3

2024-01-01

IEEE Sensors Journal

Abstract:In industrial cyber-physical control systems (ICPSs), different types of variables are typically sampled at diverse intervals, ranging from sub-seconds to minutes or even longer, resulting in multi-rate sampling data. The variation in sampling rates can lead to data gaps, which impede the performance of traditional anomaly detection techniques. To address this challenge, a new anomaly detection approach is presented for ICPSs with multi-rate data. Employing a mechanism model, it performs data super-resolution in both temporal and spatial domains, thus filling in the missing data across various sampling rates and expanding additional virtual spatial states. Moreover, the approach integrates an anomaly-forced autoencoder. The autoencoder is trained to improve anomaly detection by injecting anomalies randomly during the training phase, thereby enhancing its capacity to accurately reconstruct normal behavior under anomalous conditions. Experimental studies are conducted on a petrochemical fractionation unit simulation testbed and also a pubic benchmark dataset BATADAL (Battle of the Attack Detection ALgorithms) to demonstrate the proposed approach. Experimental results from the testbed show that the proposed approach consistently maintains stable detection accuracy, ranging between 95.7% and 96.5%. On BATADAL dataset, the detection accuracy varies between 87.5% and 91.5% across different multi-rate sampling scenarios. This performance not only outperforms state-of-the-art baseline methods but also exhibits similar superior results when applied to other datasets.

Bing Yu,Jiakai Xu,Gang Xiang,Ruishi Lin,LiGuo Zhao,Yang Yu

DOI: https://doi.org/10.1109/i2mtc60896.2024.10561049

2024-01-01

Abstract:The reliability of modern industrial systems is rigid; therefore, it is mandatory to monitor the system status and detect anomalies accurately. A long short-term memory (LSTM) network can be used to predict the trend of single-dimensional system test data and implement anomaly detection based on the prediction result. However, the structure of the modern system is complex, and strong dependencies may exist between different variables. The LSTM-based detection method cannot capture this dependency, and some anomalies can be ignored. Therefore, an anomaly detection framework based on the LSTM autoencoder is proposed in this paper. The auto encoder is applied to find the hidden dependency among variables by minimizing the reconstruction error of normal data, while the LSTM is used to capture the temporal dependencies in the time series. Moreover, a new dynamic error threshold selection strategy based on extreme value theory (EVT-DTS) is presented, which can avoid estimating the error distribution beforehand. The EVT-DTS method can dynamically adjust the error threshold according to the current input data error so that the overall optimal detection result can be obtained. Finally, we implement experiment on two industrial applications using the proposed method, which demonstrate its effectiveness in finding complex anomaly states in the system.

Wenli Shang,Jiawei Qiu,Haotian Shi,Shuang Wang,Lei Ding,Yanjun Xiao

DOI: https://doi.org/10.1155/2024/5459452

IF: 8.993

2024-06-04

International Journal of Intelligent Systems

Abstract:Industrial control systems (ICSs), as critical national infrastructures, are increasingly susceptible to sophisticated security threats. To address this challenge, our study introduces the CAE‐T, a deep convolutional autoencoding transformer network designed for efficient anomaly detection and real‐time fault monitoring in ICS. The CAE‐T utilizes unsupervised deep learning, employing a convolutional autoencoder for spatial feature extraction from multidimensional time‐series data, and combines this with a transformer architecture to capture long‐term temporal dependencies. The design of the model facilitates rapid training and inference, while its dual‐component approach, utilizing an optimization function based on support vector data description (SVDD), enhances detection accuracy. This integration synergistically combines spatiotemporal feature extraction, significantly improving the robustness and precision of anomaly detection in ICS environments. The CAE‐T model demonstrated notable performance enhancements across three industrial control system datasets. Notably, the CAE‐T model achieved approximately a 70.8% increase in F1 score and a 9.2% rise in AUC on the WADI dataset. On the SWaT dataset, the model showed improvements of approximately 2.8% in F1 score and 5% in AUC. The power system dataset saw more modest gains, with an approximately 0.1% uptick in F1 score and a 1% increase in AUC. These improvements validate the CAE‐T model's efficacy and robustness in anomaly detection across various scenarios.

computer science, artificial intelligence

Antoine Chevrot,Alexandre Vernotte,Bruno Legeard

DOI: https://doi.org/10.1016/j.cose.2022.102652

2021-09-08

Abstract:The Automatic Dependent Surveillance Broadcast protocol is one of the latest compulsory advances in air surveillance. While it supports the tracking of the ever-growing number of aircraft in the air, it also introduces cybersecurity issues that must be mitigated e.g., false data injection attacks where an attacker emits fake surveillance information. The recent data sources and tools available to obtain flight tracking records allow the researchers to create datasets and develop Machine Learning models capable of detecting such anomalies in En-Route trajectories. In this context, we propose a novel multivariate anomaly detection model called Discriminatory Auto-Encoder (DAE). It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase (e.g. climbing, cruising or descending) during its <a class="link-external link-http" href="http://training.To" rel="external noopener nofollow">this http URL</a> illustrate the DAE's efficiency, an evaluation dataset was created using real-life anomalies as well as realistically crafted ones, with which the DAE as well as three anomaly detection models from the literature were evaluated. Results show that the DAE achieves better results in both accuracy and speed of detection. The dataset, the models implementations and the evaluation results are available in an online repository, thereby enabling replicability and facilitating future experiments.

Machine Learning,Artificial Intelligence

Gabriela Ahmadi-Assalemi,Haider Al-Khateeb,Gregory Epiphaniou,Amar Aggoun

DOI: https://doi.org/10.1109/jiot.2022.3144127

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Industrial control systems (ICSs) are integral parts of smart cities and critical to modern societies. Despite indisputable opportunities introduced by disruptor technologies, they proliferate the cybersecurity threat landscape, which is increasingly more hostile. The quantum of sensors utilized by ICS aided by artificial intelligence (AI) enables data collection capabilities to facilitate automation, process streamlining, and cost reduction. However, apart from the operational use, the sensors generated data combined with AI can be innovatively utilized to model anomalous behavior as part of layered security to increase resilience to cyberattacks. We introduce a framework to profile anomalous behavior in ICS and derive a cyber-risk score. A novel super learner ensemble for one-class classification is developed, using overlapping rolling windows with stratified, $k$ -fold, $n$ -repeat cross-validation applied to each base learner followed by majority voting to derive the best learner. Our approach is demonstrated on a liquid distribution sensor data set. The experimental results reveal that the proposed technique achieves an overall $F1$ -score of 99.13%, an anomalous recall score of 99% detecting anomalies lasting only 17 s. The key strength of the framework is the low computational complexity and error rate. The framework is modular, generic, applicable to other ICS, and transferable to other smart city sectors.

Huang Li,Yiqin Sang,Hongjuan Ge,Jie Yan,Shijia Li

DOI: https://doi.org/10.1016/j.cose.2023.103619

IF: 5.105

2024-01-01

Computers & Security

Abstract:To detect remote terminal (RT) spoofing attacks on MIL-STD-1553B data bus and prevent the network paralysis of integrated avionics system (IAS) caused by misjudgment, an anomaly detection method of aviation data bus based on the combination of sparse autoencoder (SAE) and integrated mahalanobis distance (IMD) is proposed. Aiming at the communication traffic training set with only normal data, an unsupervised learning algorithm SAE is used to train a model that only represents normal behavior. To combine the feature information of each layer within SAE, the IMD, which can measure the similarity between data characteristics, is used to obtain the anomaly score of test data, and the comprehensive anomaly score (CAS) is obtained by considering the reconstruction error between SAE input and output. To solve the problem that data distribution and detection requirements were not considered in a single threshold, a heuristic multi-threshold selection method is proposed, which maximizes the performance of the classifier by considering the accuracy, youden index (YI), and F1. The experimental results demonstrate the effectiveness and feasibility of the method.

DOI: https://doi.org/10.1007/s11042-024-19116-9

IF: 2.577

2024-05-11

Multimedia Tools and Applications

Abstract:Many security cameras have been put up in places like airports, roads, and banks for the safety of these public places. These cameras make a lot of video data, and most security camera recordings are only ever seen when something strange happens. This means that monitoring has to be done by people, which is time-consuming and often wrong, so automatic ways of monitoring have to be used. In this paper, we propose a system that automatically detects irregular events in videos based on the integration of Inflated 3D Convolution Network (I3D-ResNet50) and deep Multiple Instance Learning (MIL). This system considers both regular and unusual videos as negative and positive packets, respectively. Each video snippet is a case of that packet. An anomaly score is generated for each video snippet using a fully connected Neural Network (NN). After processing videos, we used an I3D-ResNet50 to extract features after applying 10-crop augmentations to the UCF-101 dataset that contains 130 GB of videos with 13 abnormal events such as fighting, stealing, abuse, etc., as well as normal events. Our experimental results show that the AUC is 82.85% with only 10,000 iterations compared with other approaches. This means that our model is better at spotting anomalies in real-time videos.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xiaogang Deng,Jiayan Li

DOI: https://doi.org/10.1016/j.engappai.2024.109357

IF: 8

2024-09-25

Engineering Applications of Artificial Intelligence

Abstract:Anomaly detection of industrial control systems (ICS) based on sensor data analytic is of utmost importance because ICS may suffer from various attacks leading to anomaly behaviors and even equipment failures. As an emerging deep learning technique, deep support vector data description (DeSVDD) has been successfully applied to ICS anomaly detection. Its advantage lies in only requiring normal data to train one-class classifier, which is suitable for actual industrial scenarios with extremely data imbalance of abundant normal data and scare abnormal data. However, this also results in its shortcoming of ignoring the valuable classification information hidden in the abnormal data. In order to overcome this issue, this paper proposes an improved DeSVDD method, called radius constraint DeSVDD (RC-DeSVDD). The proposed model constructs an anomaly detection model framework of abnormal data assisted DeSVDD, where a radius constraint is designed by considering the difference between normal and abnormal data. Further, considering the limited amount of abnormal data, a bi-directional generative adversarial network (BiGAN) is introduced to generate abnormal data. Experimental results on three benchmark datasets demonstrate the superiority of the proposed RC-DeSVDD anomaly detection method.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Clemens Heistracher,Anahid Jalali,Axel Suendermann,Sebastian Meixner,Daniel Schall,Bernhard Haslhofer,Jana Kemnitz

DOI: https://doi.org/10.48550/arXiv.2110.04049

2021-10-08

Abstract:The increasing deployment of low-cost IoT sensor platforms in industry boosts the demand for anomaly detection solutions that fulfill two key requirements: minimal configuration effort and easy transferability across equipment. Recent advances in deep learning, especially long-short-term memory (LSTM) and autoencoders, offer promising methods for detecting anomalies in sensor data recordings. We compared autoencoders with various architectures such as deep neural networks (DNN), LSTMs and convolutional neural networks (CNN) using a simple benchmark dataset, which we generated by operating a peristaltic pump under various operating conditions and inducing anomalies manually. Our preliminary results indicate that a single model can detect anomalies under various operating conditions on a four-dimensional data set without any specific feature engineering for each operating condition. We consider this work as being the first step towards a generic anomaly detection method, which is applicable for a wide range of industrial equipment.

Machine Learning,Artificial Intelligence,Signal Processing

Yue Wang,Hao Peng,Gang Wang,Xianghong Tang,Xuejian Wang,Chunyang Liu

DOI: https://doi.org/10.1016/j.engappai.2023.106144

IF: 8

2023-03-24

Engineering Applications of Artificial Intelligence

Abstract:Massive amounts of industrial data, which are often gathered by industrial control systems (ICS), have been generated by the fast growth of industrial intelligence. One of the hottest topics in ICS is how to extract the most useful information from industrial "Big Data" and provide a more comprehensive service for monitoring the condition of industrial production processes. As the industrial environment gets increasingly complicated, production tasks change often and malicious attacks are on the rise. It remains a grand challenge to perform fine-grained anomaly detection in high-dimensional, noisy industrial data. In response to this problem, we propose a spatio-temporal graph neural network-based anomaly detection framework for fine-grained state monitoring of ICSs. First, based on prior knowledge, we propose a method for feature dimensionality reduction and dynamic graph modeling. After that, the variational mode decomposition (VMD) module is then utilized to remove noise from industrial data. Finally, we propose a spatio-temporal feature extraction module for fine-grained anomaly detection. Numerical experiments are conducted on a real-world ICS dataset called HAI. The results demonstrate that the proposed framework can effectively deal with high-dimensional, high-noise, and imbalanced industrial data. The framework's concepts are interconnected and extensible to various industrial scenarios, including metallurgy, smart shop floors, etc. In terms of recall, precision, and F1 -Score, a comparison between the proposed framework and eight representative methods reveals the merits of the proposed framework.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Vegard Berge,Chunlei Li

2024-10-26

Abstract:Traditional intrusion detection systems (IDSs) often rely on either network traffic or process data, but this single-source approach may miss complex attack patterns that span multiple layers within industrial control systems (ICSs) or persistent threats that target different layers of operational technology systems. This study investigates whether combining both network and process data can improve attack detection in ICSs environments. Leveraging the SWaT dataset, we evaluate various machine learning models on individual and combined data sources. Our findings suggest that integrating network traffic with operational process data can enhance detection capabilities, evidenced by improved recall rates for cyber attack classification. Serving as a proof-of-concept within a limited testing environment, this research explores the feasibility of advancing intrusion detection through a multi-source data approach in ICSs. Although the results are promising, they are preliminary and highlight the need for further studies across diverse datasets and refined methodologies.

Cryptography and Security

Ding, Yong

DOI: https://doi.org/10.1007/s12083-023-01586-7

IF: 3.488

2024-01-10

Peer-to-Peer Networking and Applications

Abstract:With the advent of Industry 4.0, industrial control systems (ICS) are more and more closely connected with the Internet, leading to a rapid increase in the types and quantities of security threats that arise from ICS. Anomaly detection is an effective defense measure against attacks. At present, it is the main trend to use hybrid deep learning methods to realize ICS anomaly detection. However, we found that many ICS anomaly detection methods based on hybrid deep learning adopt phased learning, in which each phase is optimized separately with optimization goals deviating from the overall goal. In view of this issue, we propose an end-to-end anomaly detection method SAKMR based on hybrid deep learning. Our method uses radial basis function network (RBFN) to realize K-means clustering, and combines it with stacked auto-encoder (SAE), which is conducive to defining reconstruction error and clustering error into an objective function to ensure joint optimization of feature extraction and classification. Experiments were conducted on the commonly used KDDCUP99 and SWAT datasets. The results show that SAKMR is effective in detecting abnormal industrial control data and outperforms the baseline methods on multiple performance indicators such as F1-Measure.

computer science, information systems,telecommunications