Abstract
Deep Neural Networks are emerging as effective techniques to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). In general, these techniques focus on learning a “normal” behavior of the system, to be then able to label noteworthy deviations from it as anomalies. However, during operations, ICSs inevitably and continuously evolve their behavior, due to e.g., replacement of devices, workflow modifications, or other reasons. As a consequence, the quality of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This paper presents AADS (Adaptive Anomaly Detection in industrial control Systems), a novel framework based on neural networks and greedy-algorithms that tailors the learning-based anomaly detection process to the changing nature of ICSs. AADS efficiently adapts a pre-trained model to learn new changes in the system behavior with a small number of data samples (i.e., time steps) and a few gradient updates. The performance of AADS is evaluated using the Secure Water Treatment (SWaT) dataset, and its sensitivity to additive noise is investigated. Our results show an increased detection rate compared to state of the art approaches, as well as more robustness to additive noise.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
A. Erba, et al.: Real-time evasion attacks with physical constraints on deep learning-based anomaly detectors in industrial control systems. arXiv preprint arXiv:1907.07487 (2019)
A. Nichol, et al.: On First-Order Meta-Learning Algorithms. arXiv e-prints arXiv:1803.02999, March 2018
Galloway, B., et al.: Introduction to Industrial Control Networks. IEEE Commun. Surv. Tutor. 15(2), 860–880 (2013). https://doi.org/10.1109/SURV.2012.071812.00124
Finn, C., et al.: Model-agnostic meta-learning for fast adaptation of deep networks. In: Proceedings of the 34th International Conference on Machine Learning, vol. 70, pp. 1126–1135. JMLR. org (2017)
Ahmed, C.M., et al.: Noise matters: using sensor and process noise fingerprint to detect stealthy cyber attacks and authenticate sensors in CPS. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 566–581. ACM (2018)
Shalyga, D., et al.: Anomaly Detection for Water Treatment System based on Neural Network with Automatic Architecture Optimization. arXiv e-prints arXiv:1807.07282, July 2018
Facebook: Pytorch (2019). https://pytorch.org/
Goodwin, G., et al.: Architectures and coder design for networked control systems. Automatica 44(1), 248–257 (2008)
Kurtzer, G., et al.: Singularity: Scientific containers for mobility of compute. PloS One 12(5), e0177459 (2017)
Cheng, H., et al.: Wide and deep learning for recommender systems. In: Proceedings of the 1st Workshop on Deep Learning for Recommender Systems, pp. 7–10. ACM (2016)
Sutskever, I., et al.: On the importance of initialization and momentum in deep learning. In: International Conference on Machine Learning, pp. 1139–1147 (2013)
iTrust: Secure Water Treatment. https://itrust.sutd.edu.sg/testbeds/secure-water-treatment-swat/
Goh, J., et al.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140–145. IEEE (2017)
Quionero-Candela, J., et al.: Dataset Shift in Machine Learning. The MIT Press, Cambridge (2009)
Aung, K.M.: Secure Water Treatment Testbed (SWaT): An Overview. Technical report, iTrust (2015)
Kravchik, M., et al.: Detecting cyber attacks in industrial control systems using convolutional neural networks. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 72–83. ACM (2018)
Pavol, M., et al.: Adaptive network security through stream machine learning. In: Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos, pp. 4–5. ACM (2018)
Pavol, M., et al.: Stream-based machine learning for network security and anomaly detection. In: Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, pp. 1–7. ACM (2018)
Wang, M., et al.: Deep visual domain adaptation: a survey. Neurocomputing 312, 135–153 (2018)
NCCIC/ICS-CERT: Cyber-attack against ukrainian critical infrastructure (2016). https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01
ODVA: Technology overview series: EtherNet/IP. Technical report, ODVA (2016)
Lin, Q., et al.: Tabor: A graphical model-based approach for anomaly detection in industrial control systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 525–536. ACM (2018)
Adepu, S., et al.: Generalized attacker and attack models for cyber physical systems. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 283–292. IEEE (2016)
Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In: IECON 2011–37th Annual Conference of the IEEE Industrial Electronics Society, pp. 4490–4494. IEEE (2011)
Singh, S., et al.: SH-SecNet: an enhanced secure network architecture for the diagnosis of security threats in a smart home. Sustainability 9(4), 513 (2017)
Chen, W.Y., et al.: A Closer Look at Few-shot Classification. arXiv e-prints arXiv:1904.04232, April 2019
Zhan, X.S., et al.: Performance analysis of networked control systems with snr constraint. Int. J. Innov. Comput. Inf. Control 8(12), 8287–8298 (2012)
Acknowledgment
The authors would like to thank the Center for Research in Cyber Security at the Singapore University of Technology and Design for providing the SWaT dataset.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix A Point Recall Comparison
Appendix A Point Recall Comparison
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Abdelaty, M., Doriguzzi-Corin, R., Siracusa, D. (2020). AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds) Information and Communications Security. ICICS 2019. Lecture Notes in Computer Science(), vol 11999. Springer, Cham. https://doi.org/10.1007/978-3-030-41579-2_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-41579-2_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41578-5
Online ISBN: 978-3-030-41579-2
eBook Packages: Computer ScienceComputer Science (R0)