Autoencoder via DCNN and LSTM Models for Intrusion Detection in Industrial Control Systems of Critical Infrastructures

Kayode Yakub Saheed, S. Misra, S. Chockalingam
Published in: 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)
Publication date: 2023-05-01
DOI: 10.1109/EnCyCriS59249.2023.00006 (https://doi.org/10.1109/EnCyCriS59249.2023.00006)
Citations: 1

Abstract

Industrial Control Systems (ICS) are widely used to carry out the fundamental functions of a society and are frequently employed in Critical Infrastructures (CIs). Consequently, protection against cyber-attacks is essential for these systems. Over the years, numerous cyber-attack detection system concepts have been proposed, each employing a distinct set of processes and methodologies. Despite this, there is a significant gap in techniques for detecting cyber-attacks on ICS. Most existing studies used device logs, which require considerable pre-processing and understanding before they can be used for intrusion detection in an ICS environment. In this paper, we propose an intrusion detection approach that uses an autoencoder for feature dimensionality reduction, trained on network flow data via a Deep Convolutional Neural Network (DCNN) and Long Short-Term Memory (LSTM), and that does not require prior knowledge of the underlying architecture or the network's topology. The experimental analysis was performed on the ICS dataset and the gas pipeline data provided by Mississippi State University (MSU). The LSTM model achieved an accuracy greater than 99% and an AUC-ROC of 99.50% on the ICS data, whereas the DCNN model achieved an accuracy of 96.0% and an AUC-ROC of 97.20% on the gas pipeline network data, with extremely low false negatives and false positives. The results of the study showed that LSTM is superior to DCNN in detecting anomalies in ICS. In addition, the results showed that LSTM and DCNN are effective at time series prediction tasks. This observation is encouraging, as DCNN and LSTM are smaller, faster, and more straightforward than the deep neural networks and recurrent neural networks used in previous research. The proposed IDS architecture is a low-cost, network-based solution that requires minimal processing, operates unsupervised, and is straightforward to implement in a real-world environment.