Sensor based cyber attack detections in critical infrastructures using deep learning algorithms

• Autorzy: Yilmaz Murat , Catak Ferhat Ozgur , Gul Ensar

Identyfikatory

DOI

10.7494/csci.2019.20.2.3191

• Języki publikacji: EN

Abstrakty

EN

The technology that has evolved with innovations in the digital world has also caused an increase in many security problems. Day by day the methods and forms of the cyberattacks began to become complicated, and therefore their detection became more difficult. In this work we have used the datasets which have been prepared in collaboration with Raymond Borges and Oak Ridge National Laboratories. These datasets include measurements of the Industrial Control Systems related to chewing attack behavior. These measurements include synchronized measurements and data records from Snort and relays with the simulated control panel. In this study, we developed two models using this datasets. The first is the model we call the DNN Model which was build using the latest Deep Learning algorithms. The second model was created by adding the AutoEncoder structure to the DNN Model. All of the variables used when developing our models were set parametrically. A number of variables such as activation method, number of hidden layers in the model, the number of nodes in the layers, number of iterations were analyzed to create the optimum model design. When we run our model with optimum settings, we obtained better results than related studies. The learning speed of the model has 100\% accuracy rate which is also entirely satisfactory. While the training period of the dataset containing about 4 thousand different operations lasts about 90 seconds, the developed model completes the learning process at the level of milliseconds to detect new attacks. This increases the applicability of the model in real world environment.

Słowa kluczowe

EN

cyber security; engineering; critical infrastructures; industrial system; information security; cyber attack detections

• Wydawca: Wydawnictwa AGH
• Czasopismo: Computer Science
• Rocznik: 2019
• Tom: Vol. 20 (2)
• Strony: 213--243
• Opis fizyczny: Bibliogr. 13 poz., rys., tab.

Twórcy

autor

Yilmaz Murat

• Istanbul Sehir University, Cyber Security Engineering, 34865, Istanbul, Turkey

autor

Catak Ferhat Ozgur

• TUBITAK BILGEM Cyber Security Institute, Kocaeli, Turkey

autor

Gul Ensar

• Istanbul Sehir University, Cyber Security Engineering, 34865, Istanbul, Turkey

Bibliografia

• [1] Baldi P.: Autoencoders, Unsupervised Learning, and Deep Architectures. In: I. Guyon, G. Dror, V. Lemaire, G. Taylor, D. Silver (eds.), Proceedings of ICML Workshop on Unsupervised and Transfer Learning, Proceedings of Machine Learning Research, vol. 27, pp. 37-49. PMLR, Bellevue, Washington, USA, 2012. http://proceedings.mlr.press/v27/baldi12a.html.
• [2] Borges Hink R.C., Beaver J.M., Buckner M.A., Morris T., Adhikari U., Pan S.: Machine learning for power system disturbance and cyber-attack discrimination. In: 2014 7th International Symposium on Resilient Control Systems (ISRCS), pp. 1-8, 2014. http://dx.doi.org/10.1109/ISRCS.2014.6900095.
• [3] Deng L.: A tutorial survey of architectures, algorithms, and applications for deep learning, APSIPA Transactions on Signal and Information Processing, vol. 3, p. e2, 2014. https://doi.org/10.1017/atsip.2013.9.
• [4] Dondossola G., Szanto J., Masera M., Nai Fovino I.: Effects of intentional threats to power substation control systems, International Journal of Critical Infrastructures, vol. 4(1-2), pp. 129-143, 2008. https://doi.org/10.1504/IJCIS.2008 .016096.
• [5] Falliere N., Murchu L.O., Chien E.: W32. stuxnet dossier. In: White paper, Symantec Corp., Security Response, vol. 5(6), p. 29, 2011.
• [6] Friedman N., Geiger D., Goldszmidt M.: Bayesian Network Classiffers, Machine Learning, vol. 29(2), pp. 131-163, 1997. https://doi.org/10.1023/A:100746 5528199.
• [7] Han J., Pei J., Yin Y., Mao R.: Mining Frequent Patterns without Candidate Generation: A Frequent-Pattern Tree Approach, Data Mining and Knowledge Discovery, vol. 8(1), pp. 53-87, 2004. https://doi.org/10.1023/B:DAMI.000 0005258.31418.83.
• [8] Kovacevic A., Nikolic D.: Cyber attacks on critical infrastructure: Review and challenges. In: Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance, pp. 1-18. IGI Global, 2015.
• [9] Makhzani A., Shlens J., Jaitly N., Goodfellow I.J., Frey B.: Adversarial Autoencoders, CoRR, vol. abs/1511.05644, 2015. http://arxiv.org/abs/1511.05644.
• [10] Morris T.H., Gao W.: Industrial control system cyber attacks. In: Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research, pp. 22-29. 2013.
• [11] Pan S., Morris T., Adhikari U.: Classiffication of Disturbances and Cyber-Attacks in Power Systems Using Heterogeneous Time-Synchronized Data, IEEE Transactions on Industrial Informatics, vol. 11(3), pp. 650-662, 2015. https: //doi.org/10.1109/TII.2015.2420951.
• [12] Pan S., Morris T., Adhikari U.: Developing a Hybrid Intrusion Detection System Using Data Mining for Power Systems, IEEE Transactions on Smart Grid, vol. 6(6), pp. 3104-3113, 2015. https://doi.org/10.1109/TSG.2015.2409775.
• [13] Vincent P., Larochelle H., Lajoie I., Bengio Y., Manzagol P.A.: Stacked Denoising Autoencoders: Learning Useful Representations in a Deep Network with a Local Denoising Criterion, The Journal of Machine Learning Research, vol. 11, pp. 3371-3408, 2010. http://dl.acm.org/citation.cfm?id=1756006.1953039.