Autoencoder Based Anomaly Detection for SCADA Networks

Nazir, Sajid; Patel, Shushma

doi:10.4018/ijaiml.20210701.oa6

Cited by 12 publications

(9 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [20], the researchers used the pigeon inspired optimizer (PIO) to build a feature reduction strategy for IDS. The PIO algorithm draws inspiration from biological processes, namely the interactions between white pigeons and their prey.…”

Section: Literature Reviewmentioning

confidence: 99%

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

2024

IJATEE

View full text Add to dashboard Cite

Hackers have evolved at a faster rate in terms of their capabilities because of precise technological developments like networks and communication systems. These crooks are constantly looking for new ways to jeopardize the security of computer networks (CN). Intrusion detection systems (IDS) consequently automatically become important parts of a CN. An IDS is a piece of software or hardware that tracks a company's network for potential threats. Meanwhile, an IDS is capable of reacting to and reporting any fraudulent activity. Node-based or host-based IDS (HIDS) [1, 2] Network based IDS (NIDS) or distributed-based IDS (DIDS), and hybrid-based IDS (HYIDS) are the three basic categories into which IDSs fall based on the unique IDS operation concept, this classification was created. *Author for correspondenceThe primary fundamental design goals of IDS are a decrease in false positive (FP) alerts and an increase in detection accuracy. Subsequently, when designing and implementing any IDS, that perspective must be taken into consideration [3]. In currently decades, machine learning (ML)-based IDS have taken over as the industry standard. According to ML systems may now potentially learn from the past and improve. Broadly speaking, the two ML philosophies of supervised ML and unsupervised ML can be separated. Models are learned using labeled data in supervised ML [4]. Unsupervised ML uses unstructured data to train models.The multiclass and binary classification objectives are carefully taken into consideration when using supervised ML techniques in this study. The classification process occurs whenever a supervised ML technique is asked to identify a specific quality. The training data for the techniques in this configuration frequently has large sizes and high-

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

2024

IJATEE

View full text Add to dashboard Cite

show abstract

“…Autoencoders usually include four components: (i) an encoder, allowing to learn the features; (ii) a bottleneck, identified as the layer containing the encoding of the training set; (iii) a decoder, allowing the model to learn how to reconstruct the input data from the encoding; and, (iv) the reconstruction error function, measuring the performance of the model during training. Autoencoders have been applied for intrusion detection tasks [18], anomaly detection [19], and DDoS attack detection [20].…”

Section: 𝑖(𝑡)mentioning

confidence: 99%

PAST-AI: Physical-Layer Authentication of Satellite Transmitters via Deep Learning

Oligeri

Raponi

Sciancalepore

et al. 2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research mainly focused on terrestrial wireless devices while, to the best of our knowledge, none of the previous work considered satellite transmitters. The satellite scenario is generally challenging because, among others, satellite radio transducers feature non-standard electronics (usually aged and specifically designed for harsh conditions). Moreover, the fingerprinting task is specifically difficult for Low-Earth Orbit (LEO) satellites (like the ones we focus in this paper) since they feature a low bit-rate and orbit at about 800 Km from the Earth, at a speed of around 25, 000 Km/h, thus making the receiver experiencing a down-link with unique attenuation and fading characteristics. In this paper, we investigate the effectiveness and main limitations of AI-based solutions to the physical-layer authentication of LEO satellites. Our study is performed on massive real data-more than 100M I-Q samplescollected from an extensive measurements campaign on the IRIDIUM LEO satellites constellation, lasting 589 hours. Our results show that Convolutional Neural Networks (CNN) and autoencoders (if properly calibrated) can be successfully adopted to authenticate the satellite transducers, with an accuracy spanning between 0.8 and 1, depending on prior assumptions. However, the relatively high number of I-Q samples required by the proposed methodology, coupled with the low bandwidth of satellite link, might prevent the detection of the spoofing attack under certain configuration parameters.

show abstract

“…Although such implementation does not necessitate prior knowledge of the infrastructure, it does necessitate some understanding of how components are arranged in order to reduce training complexity (improving the accuracy of the model). [23] conducted a similar study using a dataset gathered from a gas pipeline. The dataset includes network information (such as IP addresses or packet length), MOD-BUS protocol command payloads (as the MODBUS function code), and data measurements from industrial equipment.…”

Section: Related Workmentioning

confidence: 99%

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

et al. 2023

View full text Add to dashboard Cite

Anomaly detection in industrial control and cyber-physical systems has gained much attention over the past years due to the increasing modernisation and exposure of industrial environments. Current dangers to the connected industry include the theft of industrial intellectual property, denial of service, or the compromise of cloud components; all of which might result in a cyber-attack across the operational network. However, most scientific work employs device logs, which necessitate substantial understanding and preprocessing before they can be used in anomaly detection. In this paper, we propose a network intrusion detection system (NIDS) architecture based on a deep autoencoder trained on network flow data, which has the advantage of not requiring prior knowledge of the network topology or its underlying architecture. Experimental results show that the proposed model can detect anomalies, caused by distributed denial of service attacks, providing a high detection rate and low false alarms, outperforming the state-of-the-art and a baseline model in an unsupervised learning environment. Furthermore, the deep autoencoder model can detect abnormal behaviour in legitimate devices after an attack. We also demonstrate the suitability of the proposed NIDS in a real industrial plant from the alimentary sector, analysing the false positive rate and the viability of the data generation, filtering and preprocessing procedure for a near real time scenario. The suggested NIDS architecture is a low-cost solution that uses only fifteen network-based features, requires minimal processing, operates in unsupervised mode, and is straightforward to deploy in real-world scenarios.

show abstract

Autoencoder Based Anomaly Detection for SCADA Networks

Cited by 12 publications

References 42 publications

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

PAST-AI: Physical-Layer Authentication of Satellite Transmitters via Deep Learning

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

Contact Info

Product

Resources

About