Gradual increase in the number of successful attacks against Industrial Control Systems(ICS)has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies.T...Gradual increase in the number of successful attacks against Industrial Control Systems(ICS)has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies.Towards this end,a class of anomaly detectors,created using data-centric approaches,are gaining attention.Using machine learning algorithms such approaches can automatically learn the process dynamics and control strategies deployed in an ICS.The use of these approaches leads to relatively easier and faster creation of anomaly detectors compared to the use of design-centric approaches that are based on plant physics and design.Despite the advantages,there exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants.In this work,we enumerate and discuss such challenges.Also presented is a series of lessons learned in our attempt to meet these challenges in an operational plant.展开更多
The evolution of the Internet of Things(IoT)has empowered modern industries with the capability to implement large-scale IoT ecosystems,such as the Industrial Internet of Things(IIoT).The IIoT is vulnerable to a diver...The evolution of the Internet of Things(IoT)has empowered modern industries with the capability to implement large-scale IoT ecosystems,such as the Industrial Internet of Things(IIoT).The IIoT is vulnerable to a diverse range of cyberattacks that can be exploited by intruders and cause substantial reputational andfinancial harm to organizations.To preserve the confidentiality,integrity,and availability of IIoT networks,an anomaly-based intrusion detection system(IDS)can be used to provide secure,reliable,and efficient IIoT ecosystems.In this paper,we propose an anomaly-based IDS for IIoT networks as an effective security solution to efficiently and effectively overcome several IIoT cyberattacks.The proposed anomaly-based IDS is divided into three phases:pre-processing,feature selection,and classification.In the pre-processing phase,data cleaning and nor-malization are performed.In the feature selection phase,the candidates’feature vectors are computed using two feature reduction techniques,minimum redun-dancy maximum relevance and neighborhood components analysis.For thefinal step,the modeling phase,the following classifiers are used to perform the classi-fication:support vector machine,decision tree,k-nearest neighbors,and linear discriminant analysis.The proposed work uses a new data-driven IIoT data set called X-IIoTID.The experimental evaluation demonstrates our proposed model achieved a high accuracy rate of 99.58%,a sensitivity rate of 99.59%,a specificity rate of 99.58%,and a low false positive rate of 0.4%.展开更多
The rapid development of the Internet of Things(IoT)in the industrial domain has led to the new term the Industrial Internet of Things(IIoT).The IIoT includes several devices,applications,and services that connect the...The rapid development of the Internet of Things(IoT)in the industrial domain has led to the new term the Industrial Internet of Things(IIoT).The IIoT includes several devices,applications,and services that connect the physical and virtual space in order to provide smart,cost-effective,and scalable systems.Although the IIoT has been deployed and integrated into a wide range of industrial control systems,preserving security and privacy of such a technology remains a big challenge.An anomaly-based Intrusion Detection System(IDS)can be an effective security solution for maintaining the confidentiality,integrity,and availability of data transmitted in IIoT environments.In this paper,we propose an intelligent anomalybased IDS framework in the context of fog-to-things communications to decentralize the cloud-based security solution into a distributed architecture(fog nodes)near the edge of the data source.The anomaly detection system utilizes minimum redundancy maximum relevance and principal component analysis as the featured engineering methods to select the most important features,reduce the data dimensionality,and improve detection performance.In the classification stage,anomaly-based ensemble learning techniques such as bagging,LPBoost,RUSBoost,and Adaboost models are implemented to determine whether a given flow of traffic is normal or malicious.To validate the effectiveness and robustness of our proposed model,we evaluate our anomaly detection approach on a new driven IIoT dataset called XIIoTID,which includes new IIoT protocols,various cyberattack scenarios,and different attack protocols.The experimental results demonstrated that our proposed anomaly detection method achieved a higher accuracy rate of 99.91%and a reduced false alarm rate of 0.1%compared to other recently proposed techniques.展开更多
Industrial Control Systems(ICS)can be employed on the industrial processes in order to reduce the manual labor and handle the complicated industrial system processes as well as communicate effectively.Internet of Thin...Industrial Control Systems(ICS)can be employed on the industrial processes in order to reduce the manual labor and handle the complicated industrial system processes as well as communicate effectively.Internet of Things(IoT)integrates numerous sets of sensors and devices via a data network enabling independent processes.The incorporation of the IoT in the industrial sector leads to the design of Industrial Internet of Things(IIoT),which find use in water distribution system,power plants,etc.Since the IIoT is susceptible to different kinds of attacks due to the utilization of Internet connection,an effective forensic investigation process becomes essential.This study offers the design of an intelligent forensic investigation using optimal stacked autoencoder for critical industrial infrastructures.The proposed strategy involves the design of manta ray foraging optimization(MRFO)based feature selection with optimal stacked autoencoder(OSAE)model,named MFROFS-OSAE approach.The primary objective of the MFROFS-OSAE technique is to determine the presence of abnormal events in critical industrial infrastructures.TheMFROFS-OSAE approach involves several subprocesses namely data gathering,data handling,feature selection,classification,and parameter tuning.Besides,the MRFO based feature selection approach is designed for the optimal selection of feature subsets.Moreover,the OSAE based classifier is derived to detect abnormal events and the parameter tuning process is carried out via the coyote optimization algorithm(COA).The performance validation of the MFROFS-OSAE technique takes place using the benchmark dataset and the experimental results reported the betterment of the MFROFS-OSAE technique over the recent approaches interms of different measures.展开更多
Modern critical infrastructure,such as a water treatment plant,water distribution system,and power grid,are representative of Cyber Physical Systems(CPSs)in which the physical processes are monitored and controlled in...Modern critical infrastructure,such as a water treatment plant,water distribution system,and power grid,are representative of Cyber Physical Systems(CPSs)in which the physical processes are monitored and controlled in real time.One source of complexity in such systems is due to the intra-system interactions and inter-dependencies.Consequently,these systems are a potential target for attackers.When one or more of these infrastructure are attacked,the connected systems may also be affected due to potential cascading effects.In this paper,we report a study to investigate the cascading effects of cyber-attacks on two interdependent critical infrastructure namely,a Secure water treatment plant(SWaT)and a Water Distribution System(WADI).展开更多
Cyber-physical systems(CPSs)in critical infrastructure face serious threats of attack,motivating research into a wide variety of defence mechanisms such as those that monitor for violations of invariants,i.e.logical p...Cyber-physical systems(CPSs)in critical infrastructure face serious threats of attack,motivating research into a wide variety of defence mechanisms such as those that monitor for violations of invariants,i.e.logical properties over sensor and actuator states that should always be true.Many approaches for identifying invariants attempt to do so automatically,typically using data logs,but these can miss valid system properties if relevant behaviours are not well-represented in the data.Furthermore,as the CPS is already built,resolving any design flaws or weak points identified through this process is costly.In this paper,we propose a systematic method for deriving invariants from an analysis of a CPS design,based on principles of the axiomatic design methodology from design science.Our method iteratively decomposes a high-level CPS design to identify sets of dependent design parameters(i.e.sensors and actuators),allowing for invariants and invariant checkers to be derived in parallel to the implementation of the system.We apply our method to the designs of two CPS testbeds,SWaT and WADI,deriving a suite of invariant checkers that are able to detect a variety of single-and multi-stage attacks without any false positives.Finally,we reflect on the strengths and weaknesses of our approach,how it can be complemented by other defence mechanisms,and how it could help engineers to identify and resolve weak points in a design before the controllers of a CPS are implemented.展开更多
基金the National Research Foundation(NRF),Prime Minister’s Office,Singapore,under its National Cybersecurity R&D Programme(Award No.NRF2016NCR-NCR002-023 and NRF2018NCR-NSOE005-0001)administered by the National Cybersecurity R&D Directorate.
文摘Gradual increase in the number of successful attacks against Industrial Control Systems(ICS)has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies.Towards this end,a class of anomaly detectors,created using data-centric approaches,are gaining attention.Using machine learning algorithms such approaches can automatically learn the process dynamics and control strategies deployed in an ICS.The use of these approaches leads to relatively easier and faster creation of anomaly detectors compared to the use of design-centric approaches that are based on plant physics and design.Despite the advantages,there exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants.In this work,we enumerate and discuss such challenges.Also presented is a series of lessons learned in our attempt to meet these challenges in an operational plant.
文摘The evolution of the Internet of Things(IoT)has empowered modern industries with the capability to implement large-scale IoT ecosystems,such as the Industrial Internet of Things(IIoT).The IIoT is vulnerable to a diverse range of cyberattacks that can be exploited by intruders and cause substantial reputational andfinancial harm to organizations.To preserve the confidentiality,integrity,and availability of IIoT networks,an anomaly-based intrusion detection system(IDS)can be used to provide secure,reliable,and efficient IIoT ecosystems.In this paper,we propose an anomaly-based IDS for IIoT networks as an effective security solution to efficiently and effectively overcome several IIoT cyberattacks.The proposed anomaly-based IDS is divided into three phases:pre-processing,feature selection,and classification.In the pre-processing phase,data cleaning and nor-malization are performed.In the feature selection phase,the candidates’feature vectors are computed using two feature reduction techniques,minimum redun-dancy maximum relevance and neighborhood components analysis.For thefinal step,the modeling phase,the following classifiers are used to perform the classi-fication:support vector machine,decision tree,k-nearest neighbors,and linear discriminant analysis.The proposed work uses a new data-driven IIoT data set called X-IIoTID.The experimental evaluation demonstrates our proposed model achieved a high accuracy rate of 99.58%,a sensitivity rate of 99.59%,a specificity rate of 99.58%,and a low false positive rate of 0.4%.
文摘The rapid development of the Internet of Things(IoT)in the industrial domain has led to the new term the Industrial Internet of Things(IIoT).The IIoT includes several devices,applications,and services that connect the physical and virtual space in order to provide smart,cost-effective,and scalable systems.Although the IIoT has been deployed and integrated into a wide range of industrial control systems,preserving security and privacy of such a technology remains a big challenge.An anomaly-based Intrusion Detection System(IDS)can be an effective security solution for maintaining the confidentiality,integrity,and availability of data transmitted in IIoT environments.In this paper,we propose an intelligent anomalybased IDS framework in the context of fog-to-things communications to decentralize the cloud-based security solution into a distributed architecture(fog nodes)near the edge of the data source.The anomaly detection system utilizes minimum redundancy maximum relevance and principal component analysis as the featured engineering methods to select the most important features,reduce the data dimensionality,and improve detection performance.In the classification stage,anomaly-based ensemble learning techniques such as bagging,LPBoost,RUSBoost,and Adaboost models are implemented to determine whether a given flow of traffic is normal or malicious.To validate the effectiveness and robustness of our proposed model,we evaluate our anomaly detection approach on a new driven IIoT dataset called XIIoTID,which includes new IIoT protocols,various cyberattack scenarios,and different attack protocols.The experimental results demonstrated that our proposed anomaly detection method achieved a higher accuracy rate of 99.91%and a reduced false alarm rate of 0.1%compared to other recently proposed techniques.
基金The authors extend their appreciation to the Deputyship for Research&Innovation,Ministry of Education in Saudi Arabia for funding this research work through the Project Number(IFPIP-153-611-1442)and King Abdulaziz University,DSR,Jeddah,Saudi Arabia.
文摘Industrial Control Systems(ICS)can be employed on the industrial processes in order to reduce the manual labor and handle the complicated industrial system processes as well as communicate effectively.Internet of Things(IoT)integrates numerous sets of sensors and devices via a data network enabling independent processes.The incorporation of the IoT in the industrial sector leads to the design of Industrial Internet of Things(IIoT),which find use in water distribution system,power plants,etc.Since the IIoT is susceptible to different kinds of attacks due to the utilization of Internet connection,an effective forensic investigation process becomes essential.This study offers the design of an intelligent forensic investigation using optimal stacked autoencoder for critical industrial infrastructures.The proposed strategy involves the design of manta ray foraging optimization(MRFO)based feature selection with optimal stacked autoencoder(OSAE)model,named MFROFS-OSAE approach.The primary objective of the MFROFS-OSAE technique is to determine the presence of abnormal events in critical industrial infrastructures.TheMFROFS-OSAE approach involves several subprocesses namely data gathering,data handling,feature selection,classification,and parameter tuning.Besides,the MRFO based feature selection approach is designed for the optimal selection of feature subsets.Moreover,the OSAE based classifier is derived to detect abnormal events and the parameter tuning process is carried out via the coyote optimization algorithm(COA).The performance validation of the MFROFS-OSAE technique takes place using the benchmark dataset and the experimental results reported the betterment of the MFROFS-OSAE technique over the recent approaches interms of different measures.
基金the National Research Foundation(NRF),Prime Minister’s Office,Singapore,under its National Cybersecurity R&D Programme(Award No.NRF2015NCR-NCR003-001)and administered by the National Cybersecurity R&D Directorate.
文摘Modern critical infrastructure,such as a water treatment plant,water distribution system,and power grid,are representative of Cyber Physical Systems(CPSs)in which the physical processes are monitored and controlled in real time.One source of complexity in such systems is due to the intra-system interactions and inter-dependencies.Consequently,these systems are a potential target for attackers.When one or more of these infrastructure are attacked,the connected systems may also be affected due to potential cascading effects.In this paper,we report a study to investigate the cascading effects of cyber-attacks on two interdependent critical infrastructure namely,a Secure water treatment plant(SWaT)and a Water Distribution System(WADI).
基金the National Research Foundation,Singapore,under its National Satellite of Excellence Programme“Design Science and Technology for Secure Critical Infrastructure”(Award Number:NSoE DeST-SCI2019-0004).
文摘Cyber-physical systems(CPSs)in critical infrastructure face serious threats of attack,motivating research into a wide variety of defence mechanisms such as those that monitor for violations of invariants,i.e.logical properties over sensor and actuator states that should always be true.Many approaches for identifying invariants attempt to do so automatically,typically using data logs,but these can miss valid system properties if relevant behaviours are not well-represented in the data.Furthermore,as the CPS is already built,resolving any design flaws or weak points identified through this process is costly.In this paper,we propose a systematic method for deriving invariants from an analysis of a CPS design,based on principles of the axiomatic design methodology from design science.Our method iteratively decomposes a high-level CPS design to identify sets of dependent design parameters(i.e.sensors and actuators),allowing for invariants and invariant checkers to be derived in parallel to the implementation of the system.We apply our method to the designs of two CPS testbeds,SWaT and WADI,deriving a suite of invariant checkers that are able to detect a variety of single-and multi-stage attacks without any false positives.Finally,we reflect on the strengths and weaknesses of our approach,how it can be complemented by other defence mechanisms,and how it could help engineers to identify and resolve weak points in a design before the controllers of a CPS are implemented.