Machine learning for intrusion detection in industrial control systems: Applications, challenges, and recommendations

Umer, Muhammad; Junejo, Khurum Nazir; Jilani, Muhammad Taha; Mathur, Aditya P.

doi:10.1016/j.ijcip.2022.100516

Cited by 68 publications

(36 citation statements)

References 144 publications

(144 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The KDDCup 99 dataset is one of the popular datasets in IoT with cybersecurity [33], [34], [35], [36], [37], [38], [39], [40], [41], [42], [43], [44], [45], [46], [47]. This dataset provides labelled and unlabeled training and testing data, and it originated from the evaluation program DARPA98 IDS with corresponds to seven and two weeks [33], [41], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60], [61], [62], [63], [64], [65], [66], [67], [68], [69], [70], [71], [72], [73], [74]. The UNSW-NB15 dataset was created by perfectStorm (IXIA) in collaboration with the UNSW Cyber Range Lab to generate moderately aggressive activities and attacks.…”

Section: Methodsmentioning

confidence: 99%

“…The research on ML-AIDS identifies and efficiently implements the effective and efficient anomalies of networks and computers [70]. Recently, many researchers have been dedicated to developing ML with NIDs [41], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60], [61], [62], [63], [64], [65], [66], [67], [68], [69], [70]. The IDS faced challenges in accuracy by reducing false alarm rates.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detection of Real-Time Malicious Intrusions and Attacks in IoT Empowered Cybersecurity Infrastructures

et al. 2023

View full text Add to dashboard Cite

Computer viruses, malicious, and other hostile attacks can affect a computer network. Intrusion detection is a key component of network security as an active defence technology. Traditional intrusion detection systems struggle with issues like poor accuracy, ineffective detection, a high percentage of false positives, and an inability to handle new types of intrusions. To address these issues, we propose a deep learning-based novel method to detect cybersecurity vulnerabilities and breaches in cyber-physical systems. The proposed framework contrasts the unsupervised and deep learning-based discriminative approaches. This paper presents a generative adversarial network to detect cyber threats in IoT-driven IICs networks. The results demonstrate a performance increase of approximately 95% to 97% in terms of accuracy, reliability, and efficiency in detecting all types of attacks with a dropout value of 0.2 and an epoch value of 25. The output of well-known state-of-the-art DL classifiers achieved the highest true rate (TNR) and highest detection rate (HDR) when detecting the following attacks: (BruteForceXXS, BruteForceWEB, DoS_Hulk_Attack, and DOS_LOIC_HTTP_Attack) on the NSL-KDD, KDDCup99, and UNSW-NB15 datasets. It also maintained the confidentiality and integrity of users' and systems' sensitive information during the training and testing phases.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Detection of Real-Time Malicious Intrusions and Attacks in IoT Empowered Cybersecurity Infrastructures

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Umer et al [ 44 ] presented a survey of methods from machine learning that focused on anomaly detection at the physical level in ICS and IDS at the network level. Wanget et al [ 45 ] addressed the problem of data imbalance in ICS systems which lead to poor performance using traditional ML algorithms.…”

Section: Related Workmentioning

confidence: 99%

A Comparative Study of Time Series Anomaly Detection Models for Industrial Control Systems

Kim

Alawami

Kim

et al. 2023

Sensors

View full text Add to dashboard Cite

Anomaly detection has been known as an effective technique to detect faults or cyber-attacks in industrial control systems (ICS). Therefore, many anomaly detection models have been proposed for ICS. However, most models have been implemented and evaluated under specific circumstances, which leads to confusion about choosing the best model in a real-world situation. In other words, there still needs to be a comprehensive comparison of state-of-the-art anomaly detection models with common experimental configurations. To address this problem, we conduct a comparative study of five representative time series anomaly detection models: InterFusion, RANSynCoder, GDN, LSTM-ED, and USAD. We specifically compare the performance analysis of the models in detection accuracy, training, and testing times with two publicly available datasets: SWaT and HAI. The experimental results show that the best model results are inconsistent with the datasets. For SWaT, InterFusion achieves the highest F1-score of 90.7% while RANSynCoder achieves the highest F1-score of 82.9% for HAI. We also investigate the effects of the training set size on the performance of anomaly detection models. We found that about 40% of the entire training set would be sufficient to build a model producing a similar performance compared to using the entire training set.

show abstract

“…The above passive function, in combination with the new class of requirements in cybersecurity, leads to the logic of adopting solutions that include fully automated security methods based on advanced techniques of artificial intelligence [ 11 ], with the parallel minimization of human intervention [ 12 ]. The idea of getting rid of the constant surveillance and direct presence of people is related to advanced attacks like Stuxnet and BlackEnergy, where it turned out that it just needed an infected USB stick or open a phishing e-mail to allow the attacker to access an isolated industrial network [ 5 ].…”

Section: Introductionmentioning

confidence: 99%

A Semi-Self-Supervised Intrusion Detection System for Multilevel Industrial Cyber Protection

Zhao

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Industry 4.0 affects all components of the modern industry value chain. The accelerating use of the Internet and the convergence of industrial and operational networks constantly increase the need for secure industrial communication solutions. Therefore, “multilevel industrial cyber protection” is critical to Industry 4.0. In general, industrial protection refers to safeguarding information and data and the intellectual property rights of production processes related to the overall industry environment. The availability, integrity, and confidentiality of systems must be maintained. The goal challenge is the best possible protection from attacks and threats which create immediate financial damage and other risks in the industry (reputation, etc.). Based on the Defense-in-Depth strategy, a holistic, multilayered, and in-depth protection of industrial systems is developed in this paper. Specifically, a Semi-Self-Supervised Intrusion Detection System (S3IDS) is proposed, which combines advanced machine learning techniques for industrial data noise reduction to automate the discovery and separation of classes, which are essentially equivalent to cyber-related anomalies. As demonstrated by a mathematical simulation based on computational number theory and specifically on the concept of the single object, the proposed S3IDS learns to accurately reconstruct samples to predict the nature of an anomaly created directly by the industrial ecosystem.

show abstract

Machine learning for intrusion detection in industrial control systems: Applications, challenges, and recommendations

Cited by 68 publications

References 144 publications

Detection of Real-Time Malicious Intrusions and Attacks in IoT Empowered Cybersecurity Infrastructures

Detection of Real-Time Malicious Intrusions and Attacks in IoT Empowered Cybersecurity Infrastructures

A Comparative Study of Time Series Anomaly Detection Models for Industrial Control Systems

A Semi-Self-Supervised Intrusion Detection System for Multilevel Industrial Cyber Protection

Contact Info

Product

Resources

About