Skip to main content
SpringerLink
Log in

AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems

  • Conference paper
  • First Online:
Information and Communications Security (ICICS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11999))

Included in the following conference series:

Abstract

Deep Neural Networks are emerging as effective techniques to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). In general, these techniques focus on learning a “normal” behavior of the system, to be then able to label noteworthy deviations from it as anomalies. However, during operations, ICSs inevitably and continuously evolve their behavior, due to e.g., replacement of devices, workflow modifications, or other reasons. As a consequence, the quality of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This paper presents AADS (Adaptive Anomaly Detection in industrial control Systems), a novel framework based on neural networks and greedy-algorithms that tailors the learning-based anomaly detection process to the changing nature of ICSs. AADS efficiently adapts a pre-trained model to learn new changes in the system behavior with a small number of data samples (i.e., time steps) and a few gradient updates. The performance of AADS is evaluated using the Secure Water Treatment (SWaT) dataset, and its sensitivity to additive noise is investigated. Our results show an increased detection rate compared to state of the art approaches, as well as more robustness to additive noise.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. A. Erba, et al.: Real-time evasion attacks with physical constraints on deep learning-based anomaly detectors in industrial control systems. arXiv preprint arXiv:1907.07487 (2019)

  2. A. Nichol, et al.: On First-Order Meta-Learning Algorithms. arXiv e-prints arXiv:1803.02999, March 2018

  3. Galloway, B., et al.: Introduction to Industrial Control Networks. IEEE Commun. Surv. Tutor. 15(2), 860–880 (2013). https://doi.org/10.1109/SURV.2012.071812.00124

    Article  MathSciNet  Google Scholar 

  4. Finn, C., et al.: Model-agnostic meta-learning for fast adaptation of deep networks. In: Proceedings of the 34th International Conference on Machine Learning, vol. 70, pp. 1126–1135. JMLR. org (2017)

    Google Scholar 

  5. Ahmed, C.M., et al.: Noise matters: using sensor and process noise fingerprint to detect stealthy cyber attacks and authenticate sensors in CPS. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 566–581. ACM (2018)

    Google Scholar 

  6. Shalyga, D., et al.: Anomaly Detection for Water Treatment System based on Neural Network with Automatic Architecture Optimization. arXiv e-prints arXiv:1807.07282, July 2018

  7. Facebook: Pytorch (2019). https://pytorch.org/

  8. Goodwin, G., et al.: Architectures and coder design for networked control systems. Automatica 44(1), 248–257 (2008)

    Article  MathSciNet  Google Scholar 

  9. Kurtzer, G., et al.: Singularity: Scientific containers for mobility of compute. PloS One 12(5), e0177459 (2017)

    Article  Google Scholar 

  10. Cheng, H., et al.: Wide and deep learning for recommender systems. In: Proceedings of the 1st Workshop on Deep Learning for Recommender Systems, pp. 7–10. ACM (2016)

    Google Scholar 

  11. Sutskever, I., et al.: On the importance of initialization and momentum in deep learning. In: International Conference on Machine Learning, pp. 1139–1147 (2013)

    Google Scholar 

  12. iTrust: Secure Water Treatment. https://itrust.sutd.edu.sg/testbeds/secure-water-treatment-swat/

  13. Goh, J., et al.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140–145. IEEE (2017)

    Google Scholar 

  14. Quionero-Candela, J., et al.: Dataset Shift in Machine Learning. The MIT Press, Cambridge (2009)

    Google Scholar 

  15. Aung, K.M.: Secure Water Treatment Testbed (SWaT): An Overview. Technical report, iTrust (2015)

    Google Scholar 

  16. Kravchik, M., et al.: Detecting cyber attacks in industrial control systems using convolutional neural networks. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 72–83. ACM (2018)

    Google Scholar 

  17. Pavol, M., et al.: Adaptive network security through stream machine learning. In: Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos, pp. 4–5. ACM (2018)

    Google Scholar 

  18. Pavol, M., et al.: Stream-based machine learning for network security and anomaly detection. In: Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, pp. 1–7. ACM (2018)

    Google Scholar 

  19. Wang, M., et al.: Deep visual domain adaptation: a survey. Neurocomputing 312, 135–153 (2018)

    Article  Google Scholar 

  20. NCCIC/ICS-CERT: Cyber-attack against ukrainian critical infrastructure (2016). https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01

  21. ODVA: Technology overview series: EtherNet/IP. Technical report, ODVA (2016)

    Google Scholar 

  22. Lin, Q., et al.: Tabor: A graphical model-based approach for anomaly detection in industrial control systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 525–536. ACM (2018)

    Google Scholar 

  23. Adepu, S., et al.: Generalized attacker and attack models for cyber physical systems. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 283–292. IEEE (2016)

    Google Scholar 

  24. Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In: IECON 2011–37th Annual Conference of the IEEE Industrial Electronics Society, pp. 4490–4494. IEEE (2011)

    Google Scholar 

  25. Singh, S., et al.: SH-SecNet: an enhanced secure network architecture for the diagnosis of security threats in a smart home. Sustainability 9(4), 513 (2017)

    Article  Google Scholar 

  26. Chen, W.Y., et al.: A Closer Look at Few-shot Classification. arXiv e-prints arXiv:1904.04232, April 2019

  27. Zhan, X.S., et al.: Performance analysis of networked control systems with snr constraint. Int. J. Innov. Comput. Inf. Control 8(12), 8287–8298 (2012)

    Google Scholar 

Download references

Acknowledgment

The authors would like to thank the Center for Research in Cyber Security at the Singapore University of Technology and Design for providing the SWaT dataset.

Author information

Authors and Affiliations

  1. Fondazione Bruno Kessler, Trento, Italy

    Maged Abdelaty, Roberto Doriguzzi-Corin & Domenico Siracusa

  2. University of Trento, Trento, Italy

    Maged Abdelaty

Authors
  1. Maged Abdelaty
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Roberto Doriguzzi-Corin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Domenico Siracusa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maged Abdelaty .

Editor information

Editors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

  2. The Hong Kong Polytechnic University, Kowloon, Hong Kong

    Xiapu Luo

  3. Peking University, Beijing, China

    Qingni Shen

  4. Institute of Information Engineering, Beijing, China

    Zhen Xu

Appendix A Point Recall Comparison

Appendix A Point Recall Comparison

Table A.1. Recall for each attack in the SWaT dataset.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Abdelaty, M., Doriguzzi-Corin, R., Siracusa, D. (2020). AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds) Information and Communications Security. ICICS 2019. Lecture Notes in Computer Science(), vol 11999. Springer, Cham. https://doi.org/10.1007/978-3-030-41579-2_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-41579-2_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41578-5

  • Online ISBN: 978-3-030-41579-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation