Intrusion Detection and Cyber-Physical Analysis in Industrial Networks
Abstract
This paper investigates cyber-physical security in Industrial Control Systems (ICS) facing emerging cyber risks. We have developed an anomaly detection system featuring a two-step classification: the first step distinguishes between normal and anomalous operations, and the second identifies the type of attack. The SWaT dataset, from a water treatment simulator, was used, and techniques such as SMOTE were applied to balance the data. Various machine learning algorithms were tested, with Random Forest standing out for its recall. Results show that the proposed system can classify operations according to the state and type of attack.
Published
2024-09-16
How to Cite
MARIANI, Wagner Carlos; MUNARETTO, Anelise; FONSECA, Mauro; LOPES, Heitor; SILVA, Thiago H. Intrusion Detection and Cyber-Physical Analysis in Industrial Networks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 787-793. DOI: https://doi.org/10.5753/sbseg.2024.241410.
