Machine Learning for Threat Recognition in Critical Cyber-Physical Systems

Paola Perrone, Francesco Flammini, R. Setola
Published in: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), 2021-07-26
DOI: https://doi.org/10.1109/CSR51186.2021.9527979
Citations: 2

Abstract

Cybersecurity has become an emerging challenge for business information management and critical infrastructure protection in recent years. Artificial Intelligence (AI) has been widely used in different fields, but it is still relatively new in the area of Cyber-Physical Systems (CPS) security. In this paper, we provide an approach based on Machine Learning (ML) to intelligent threat recognition to enable run-time risk assessment for superior situation awareness in CPS security monitoring. With the aim of classifying malicious activity, several machine learning methods, such as k-nearest neighbours (kNN), Naïve Bayes (NB), Support Vector Machine (SVM), Decision Tree (DT) and Random Forest (RF), have been applied and compared using two different publicly available real-world testbeds. The results show that RF allowed for the best classification performance. When used in reference industrial applications, the approach allows security control room operators to get notified of threats only when classification confidence is above a threshold, hence reducing the stress of security managers and effectively supporting their decisions.