TICPS: A trustworthy collaborative intrusion detection framework for industrial cyber–physical systems
Lingzi Zhu, Bo Zhao, Weidong Li, Yixuan Wang, Yang An
Ad Hoc Networks (Journal Article), published 2024-04-21. Impact factor: 4.4; JCR: Q1 (Computer Science, Information Systems)
DOI: 10.1016/j.adhoc.2024.103517
https://www.sciencedirect.com/science/article/pii/S1570870524001288
Citations: 0
Abstract
The networking of industrial cyber–physical systems (CPS) introduces increased security vulnerabilities, necessitating advanced intrusion detection systems (IDS). Many current studies aiming to enhance IDS capabilities leverage Federated Learning (FL) technology for collaborative intrusion detection. However, devices deployed in an industrial setting in a distributed manner are vulnerable to cyber and poisoning attacks. Compromised clients can create malicious parameters to disrupt intrusion detection models, making them ineffective in identifying attacks. Nevertheless, existing FL-based intrusion detection methods exhibit suboptimal performance in detecting malicious clients and resisting poisoning attacks. To address these issues, we propose TICPS, a collaborative intrusion detection framework based on a trustworthy model update strategy to detect cyber threats from industrial CPS. The framework enables multiple industrial CPS to collaboratively construct an intrusion detection model and evaluate the security of each industrial CPS node using an update evaluation mechanism, ensuring effective intrusion detection even in the presence of poisoning. Extensive experiments on real-world industrial CPS datasets demonstrate that TICPS can effectively detect various types of cyber threats targeting industrial CPS. In particular, the framework achieves an intrusion detection accuracy of 94% even when the proportion of malicious agents reaches 80% under three typical poisoning attacks.
About the journal:
The Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. The Ad Hoc Networks considers original, high quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to:
Mobile and Wireless Ad Hoc Networks
Sensor Networks
Wireless Local and Personal Area Networks
Home Networks
Ad Hoc Networks of Autonomous Intelligent Systems
Novel Architectures for Ad Hoc and Sensor Networks
Self-organizing Network Architectures and Protocols
Transport Layer Protocols
Routing protocols (unicast, multicast, geocast, etc.)
Media Access Control Techniques
Error Control Schemes
Power-Aware, Low-Power and Energy-Efficient Designs
Synchronization and Scheduling Issues
Mobility Management
Mobility-Tolerant Communication Protocols
Location Tracking and Location-based Services
Resource and Information Management
Security and Fault-Tolerance Issues
Hardware and Software Platforms, Systems, and Testbeds
Experimental and Prototype Results
Quality-of-Service Issues
Cross-Layer Interactions
Scalability Issues
Performance Analysis and Simulation of Protocols.