Intelligent Sampling Using an Optimized Neural Network

Jadidi, Zahra; Muthukkumarasamy, Vallipuram; Sithirasenan, Elankayer; Singh, Kalvinder

doi:10.4304/jnw.11.01.16-27

Cited by 3 publications

(3 citation statements)

References 49 publications

(101 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…NetFlow-based analysis can be used to detect cyber-attacks which affect the volume of network traffic. This method is capable of detecting attacks like port scanning, DNS Poisoning, DoS, and DDoS attacks [6,7,29,30]. The lack of payload analysis makes the NetFlow-based methods scalable, fast and cost-effective for anomaly detection [41].…”

Section: Background and Related Workmentioning

confidence: 99%

“…NetFlow is a Cisco proprietary protocol, which can be enabled on router devices, to provide NetFlow records. A NetFlow record is defined as a group of packets with some common characteristics which pass a monitoring point in a specific time interval [6,8,9]. Compared with payload-based methods, a NetFlow-based analysis method significantly reduces the volume of traffic to be processed.…”

Section: Background and Related Workmentioning

confidence: 99%

“…Despite packet-based analysis, NetFlow-based methods process only packet headers and they provide light-weight analysis. The efficiency of NetFlow-based anomaly detection is illustrated in IT networks [6][7][8]46]. However, it has not been investigated in an ICS environment.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automated detection-in-depth in industrial control systems

Jadidi

Foo

Hussain

et al. 2021

Int J Adv Manuf Technol

Self Cite

View full text Add to dashboard Cite

Legacy industrial control systems (ICSs) are not designed to be exposed to the Internet and linking them to corporate networks has introduced a large number of cyber security vulnerabilities. Due to the distributed nature of ICS devices, a detection-in-depth strategy is required to simultaneously monitor the behaviour of multiple sources of ICS data. While a detection-in-depth method leads to detecting attacks, like flooding attacks in earlier phases before the attacker can reach the end target, most research papers have focused on anomaly detection based on a single source of ICS data. Here, we present a detection-in-depth method for an ICS network. The new method is called automated flooding attack detection (AFAD) which consists of three stages: data acquisition, pre-processing, and a flooding anomaly detector. Data acquisition includes data collection from different sources like programmable logic controller (PLC) logs and network traffic. We then generate NetFlow data to provide light-weight anomaly detection in ICS networks. NetFlow-based analysis has been used as a scalable method for anomaly detection in high-speed networks. It only analyses packet headers, and it is an efficient method for detecting flooding attacks like denial of service attacks, and its performance is not affected by encrypted data. However, it has not been sufficiently studied in industrial control systems. Besides NetFlow data, ICS device logs are a rich source of information that can be used to detect abnormal behaviour. Both NetFlow traffic and log data are processed in our pre-processing stage. The third stage of AFAD is anomaly detection which consists of two parallel machine learning analysis methods, which respectively analyse the behaviours of device logs and NetFlow records. Due to the lack of enough labelled training datasets in most environments, an unsupervised predictor and an unsupervised clustering method are respectively used in the anomaly detection stage. We validated our approach using traffic captured in a factory automation dataset, Modbus dataset, and SWAT dataset. These datasets contain physical and network level normal and abnormal data. The performance of AFAD was compared with single-layer anomaly detection and with other studies. Results showed the high precision of AFAD in detecting flooding attacks.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%