Intrusion detection algorithm based on OCSVM in industrial control system

Shang, Wenli; Zeng, Peng; Wan, Ming; Li, Lin; An, Panfeng

doi:10.1002/sec.1398

Cited by 54 publications

(31 citation statements)

References 24 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Furthermore, the normal models or profiles are built from multivariate training data, and the corresponding anomaly detection is realized by using the mechanism of classification or optimization. Actually, the computational intelligence techniques have been attracting great interests of both industry and academia, and many computational intelligence approaches have been researched, mainly including SVM (Support Vector Method) [15,24,25], neural network [26], decision trees [27], genetic algorithm [27,28], and clustering technique [29]. Although the computational intelligence-based techniques have the relatively high computational overhead, they can achieve better performance in detection, tolerance, and generality [14].…”

Section: Related Workmentioning

confidence: 99%

Function-Aware Anomaly Detection Based on Wavelet Neural Network for Industrial Control Communication

Wan

Song

Yuan

et al. 2018

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Function control, which is an essential link in industrial automation, is undergoing a growing integration with ICTs (Information Communication Technologies) because of the flexible manufacturing and convenient interoperability in CPSs (Cyber-Physical Systems). However, it has also brought the increasing dangers of cyberattacks caused by malicious or intentional industrial process control exploitations. In order to effectively detect these cyber intrusions and anomalies, this paper proposes a function-aware anomaly detection approach based on WNN (Wavelet Neural Network), which perceives the abnormal function control changes in industrial control communication. By appropriately extracting the time-related function control characteristics from industrial communication packets, this approach builds an optimized wavelet neural network to model the normal function control behaviors and calculates the detection threshold to differentiate the aberrant industrial process control activities. Additionally, a real-world control system, whose communication protocol is Modbus/TCP, is simulated to furnish the analyzed function control data. According to the experimental results, we fully demonstrate this approach has the fine detection accuracy and adequate real-time capability.

show abstract

Section: Related Workmentioning

confidence: 99%

Function-Aware Anomaly Detection Based on Wavelet Neural Network for Industrial Control Communication

Wan

Song

Yuan

et al. 2018

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…Based on our prior work [42]- [44], this paper proposes an improving algorithm which can transform the different function code sequences under the specified time interval into the function samples with the same dimension. …”

Section: A Feature Selection and Extraction For Function Control Behmentioning

confidence: 99%

“…It is easy to see that the above algorithm has three advantages: first, the function code sequences of different lengths under the specified time interval can be mapped to the function samples with the same dimension, and these function samples facilitate the further processing; second, different with our prior work [42]- [44], the function samples not only consider the information entropy of single function code in the function code sequence, but also reflect the frequency characteristic of two neighboring function codes. So, the function samples can describe the function code sequence rationally and effectively; third, our prior work used three consecutive function codes as a short sequence, and this design may cause a large dimension number of function samples.…”

Section: Namely Each Function Code Sequencementioning

confidence: 99%

“…Because different kernel functions have distinct effects on the classifier's performance, it may have some limitations if we only use one single kernel function to solve a practical problem. Different with our prior work [43], [44], in this paper we construct a weighted mixed kernel function based on Gaussian kernel function and Polynomial kernel function. The weighted mixed kernel function can be depicted as…”

Section: Construction Of Kernel Functionmentioning

confidence: 99%

See 1 more Smart Citation

Double Behavior Characteristics for One-Class Classification Anomaly Detection in Networked Control Systems

Wan

Shang

Zeng

2017

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Abstract-Due to the growing dependencies of information network technology, networked control systems are undergoing a severe blow of cyberattacks, and simply modeling cyberattacks is inadequate and impractical for the detection requirements, because of various vulnerabilities in these systems and the diversities of cyberattacks. Actually, a feasible viewpoint is to identify misbehaviors by constructing a normal model of industrial communication behaviors. However, one of the chief difficulties is how to completely and appropriately summarize industrial communication behaviors according to the specific communication characteristics. In view of process control and data acquisition, this paper associates industrial communication characteristics with the time sequence, and further extracts two distinct behaviors: function control behavior and process data behavior. Based on these double behavior characteristics, we introduce one-class classification to detect the corresponding anomalies, respectively. Besides, we also present the weighted mixed Kernel function and parameter optimization method to improve classification performance. Experimental results clearly demonstrate that the proposed approach has significant advantages of classification accuracy and detection efficiency.Index Terms-Function control behavior, process data behavior, one-class classification, networked control systems.

show abstract

“…Moreover most of data in industrial control system belong to normal communication behavior, and fault or critical state data are rare to find. Based on these observations, during recent years a lot of Intrusion Detection Systems that are based on the One Class Support Vector Machine (OCSVM) core are proposed [4][5][6][7]. OCSVM has only one category of data and simply tries to determine if new data belongs to that category or not.…”

Section: Introductionmentioning

confidence: 99%

A Novel Intrusion Detection Mechanism for SCADA systems which Automatically Adapts to Network Topology Changes

Stewart¹,

Rosa²,

Μαγλαράς³

et al. 2017

EAI Endorsed Transactions on Industrial Networks and Intelligen

View full text Add to dashboard Cite

Industrial Control Systems (ICS) are getting more vulnerable as they become increasingly interconnected with other systems. Industrial Internet of Things(IIoT) will bring new opportunities to business and society, along with new threats and security risks. One major change that ICS will face will be that of the dynamic network topology. Changes in the network architecture will affect the performance of the ICS along with the efficiency of the security mechanisms that are deployed. The current article investigates how changes in the network architecture of a supervisory control and data acquisition (SCADA) system affect the performance of an Intrusion Detection System IDS that is based on the One class Support Vector Machine (OCSVM). Also the article proposes an adaptive mechanism that can cope with such changes and can work in real time situations. The performance of the proposed adaptive IDS is tested using traces from a Hybrid ICS testbed with a dynamic topology.

show abstract

Intrusion detection algorithm based on OCSVM in industrial control system

Cited by 54 publications

References 24 publications

Function-Aware Anomaly Detection Based on Wavelet Neural Network for Industrial Control Communication

Function-Aware Anomaly Detection Based on Wavelet Neural Network for Industrial Control Communication

Double Behavior Characteristics for One-Class Classification Anomaly Detection in Networked Control Systems

A Novel Intrusion Detection Mechanism for SCADA systems which Automatically Adapts to Network Topology Changes

Contact Info

Product

Resources

About