EPASAD: ellipsoid decision boundary based Process-Aware Stealthy Attack Detector

IF 3.9, Zone 4 (Computer Science), JCR Q2 (Computer Science, Information Systems)
Vikas Maurya, Rachit Agarwal, Saurabh Kumar, Sandeep Shukla
Journal: Cybersecurity. Publication type: Journal Article. Publication date: 2023-11-01. DOI: 10.1186/s42400-023-00162-z (https://doi.org/10.1186/s42400-023-00162-z)
Citations: 0

Abstract

Due to the importance of Critical Infrastructure (CI) in a nation’s economy, CIs have been lucrative targets for cyber attackers. These critical infrastructures are usually Cyber-Physical Systems such as power grids, water and sewage treatment facilities, and oil and gas pipelines. In recent times, these systems have suffered cyber attacks numerous times. Researchers have been developing cyber security solutions for CIs to avoid lasting damage. According to standard frameworks, cyber security based on identification, protection, detection, response, and recovery is at the core of this research. Detection of an ongoing attack that escapes standard protection such as firewalls, anti-virus, and host/network intrusion detection has gained importance, as such attacks eventually affect the physical dynamics of the system. Therefore, anomaly detection in physical dynamics proves an effective means to implement defense-in-depth. PASAD is one example of anomaly detection in the sensor/actuator data, which represents such systems’ physical dynamics. We present EPASAD, which improves the detection technique used in PASAD to detect micro-stealthy attacks that, as our experiments show, PASAD’s spherical boundary-based detection fails to detect. Our method EPASAD overcomes this by using ellipsoid boundaries, thereby tightening the boundaries in various dimensions, whereas a spherical boundary treats all dimensions equally. We validate EPASAD using the dataset produced by the TE-process simulator and the C-town datasets. The results show that EPASAD improves PASAD’s average recall by 5.8% and 9.5% for the two datasets, respectively.

Source journal: Cybersecurity (Computer Science, Information Systems)
CiteScore: 7.30
Self-citation rate: 0.00%
Articles published: 77
Review time: 9 weeks