Detecção de Intrusão e Análise Cyberfísica em Redes Industriais
Resumo
Este trabalho investiga a cibersegurança em Sistemas de Controle Industrial (ICS) diante de riscos cibernéticos emergentes. Desenvolvemos um sistema de detecção de anomalias com uma abordagem de classificação em duas etapas: distinguindo entre operações normais e anômalas, e identificando o tipo específico de ataque. Utilizou-se o dataset SWaT, um simulador de tratamento de água, e técnicas, como SMOTE, foram aplicadas para balancear os dados. Vários algoritmos foram testados, com destaque para o Random Forest pela sua capacidade de identificar os incidentes sem incorrer em falsos negativos (recall). Os resultados mostram que o sistema proposto pode classificar as operações de acordo com seu estado e tipo de ataque.Referências
Beaver, J. M., Borges-Hink, R. C., and Buckner, M. A. (2013). An evaluation of machine learning methods to detect malicious scada communications. In 2013 12th International Conference on Machine Learning and Applications, volume 2, pages 54–59.
Chawla, N. V., Bowyer, K. W., Hall, L. O., and Kegelmeyer, W. P. (2002). SMOTE: Synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 16:321–357.
Eid, A. M., Soudan, B., Bou Nasif, A., and Injadat, M. (2024). Comparative study of ML models for IIoT intrusion detection: impact of data preprocessing and balancing. Neural Computing and Applications, 36(13):6955–6972.
Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C. M., and Sun, J. (2017). Anomaly detection for a water treatment system using unsupervised machine learning. In Proc. IEEE International Conference on Data Mining Workshops (ICDMW), pages 1058–1065.
Jones, A., Kong, Z., and Belta, C. (2014). Anomaly detection in cyber-physical systems: A formal methods approach. In Proc. 53rd IEEE Conference on Decision and Control, pages 848–853.
Keliris, A., Salehghaffari, H., Cairl, B., Krishnamurthy, P., Maniatakos, M., and Khorrami, F. (2016). Machine learning-based defense against process-aware attacks on industrial control systems. In Proc. IEEE International Test Conference (ITC), pages 1–10.
Kravchik, M. and Shabtai, A. (2018). Detecting cyber attacks in industrial control systems using convolutional neural networks. In Proc. Workshop on Cyber-Physical Systems Security and Privacy, page 72–83. ACM.
Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., and Reddi, R. (2011). A control system test bed to validate critical infrastructure protection concepts. International Journal of Critical Infrastructure Protection, 4(2):88–103.
MSU Critical Infrastructure Protection Center (2013). Home-page. [link]. Acesso em: 27/04/24.
Singapore University of Technology and Design (2024). iTrust Labs Datasets. [link]. Acesso em: 27/04/24.
Teixeira, M., Zolanvari, M., and Jain, R. (2020). WUSTL-IIOT-2018. DOI: 10.21227/kzgp-7t84. Acesso em: 27/04/24.
Chawla, N. V., Bowyer, K. W., Hall, L. O., and Kegelmeyer, W. P. (2002). SMOTE: Synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 16:321–357.
Eid, A. M., Soudan, B., Bou Nasif, A., and Injadat, M. (2024). Comparative study of ML models for IIoT intrusion detection: impact of data preprocessing and balancing. Neural Computing and Applications, 36(13):6955–6972.
Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C. M., and Sun, J. (2017). Anomaly detection for a water treatment system using unsupervised machine learning. In Proc. IEEE International Conference on Data Mining Workshops (ICDMW), pages 1058–1065.
Jones, A., Kong, Z., and Belta, C. (2014). Anomaly detection in cyber-physical systems: A formal methods approach. In Proc. 53rd IEEE Conference on Decision and Control, pages 848–853.
Keliris, A., Salehghaffari, H., Cairl, B., Krishnamurthy, P., Maniatakos, M., and Khorrami, F. (2016). Machine learning-based defense against process-aware attacks on industrial control systems. In Proc. IEEE International Test Conference (ITC), pages 1–10.
Kravchik, M. and Shabtai, A. (2018). Detecting cyber attacks in industrial control systems using convolutional neural networks. In Proc. Workshop on Cyber-Physical Systems Security and Privacy, page 72–83. ACM.
Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., and Reddi, R. (2011). A control system test bed to validate critical infrastructure protection concepts. International Journal of Critical Infrastructure Protection, 4(2):88–103.
MSU Critical Infrastructure Protection Center (2013). Home-page. [link]. Acesso em: 27/04/24.
Singapore University of Technology and Design (2024). iTrust Labs Datasets. [link]. Acesso em: 27/04/24.
Teixeira, M., Zolanvari, M., and Jain, R. (2020). WUSTL-IIOT-2018. DOI: 10.21227/kzgp-7t84. Acesso em: 27/04/24.
Publicado
16/09/2024
Como Citar
MARIANI, Wagner Carlos; MUNARETTO, Anelise; FONSECA, Mauro; LOPES, Heitor; SILVA, Thiago H..
Detecção de Intrusão e Análise Cyberfísica em Redes Industriais. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 787-793.
DOI: https://doi.org/10.5753/sbseg.2024.241410.
