{"title":"ProIDS: A Segmentation and Segregation-based Process-level Intrusion Detection System for Securing Critical Infrastructures","authors":"Vikas Maurya , Sandeep Kumar Shukla","doi":"10.1016/j.compind.2024.104147","DOIUrl":null,"url":null,"abstract":"<div><p>Critical infrastructures (CIs) are highly susceptible to cyber threats due to their crucial role in the nation and society. Intrusion Detection Systems (IDS) are deployed at the process level to enhance CI security. These process-level IDSs are broadly categorized into univariate and multivariate systems. Our research underscores that both types of systems encounter limitations, especially in handling correlations among process variables (PVs). Univariate IDSs neglect correlations by assessing PVs in isolation, while multivariate IDSs capture these but are vulnerable to evasion attacks. In response, we introduce ProIDS- a novel segmentation and segregation-based process-level IDS. ProIDS leverages the inherent correlations among PVs while segregating them into distinct units to enhance security against evolving threats. This strategic approach ensures the capture of correlations and mitigates the risk of evasion attacks, enhancing the system’s ability to detect abnormal activities. Additionally, ProIDS offers non-parametric modeling for heightened performance, minimal computational overhead, and noise reduction properties. 
Our comprehensive experiments demonstrate ProIDS’s superiority over baseline methods, delivering precise detection of various attacks while maintaining operational efficiency.</p></div>","PeriodicalId":55219,"journal":{"name":"Computers in Industry","volume":"163 ","pages":"Article 104147"},"PeriodicalIF":8.2000,"publicationDate":"2024-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers in Industry","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0166361524000757","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
Citations: 0
Abstract
Critical infrastructures (CIs) are highly susceptible to cyber threats due to their crucial role in the nation and society. Intrusion Detection Systems (IDS) are deployed at the process level to enhance CI security. These process-level IDSs are broadly categorized into univariate and multivariate systems. Our research underscores that both types of systems encounter limitations, especially in handling correlations among process variables (PVs). Univariate IDSs neglect correlations by assessing PVs in isolation, while multivariate IDSs capture these but are vulnerable to evasion attacks. In response, we introduce ProIDS, a novel segmentation and segregation-based process-level IDS. ProIDS leverages the inherent correlations among PVs while segregating them into distinct units to enhance security against evolving threats. This strategic approach ensures the capture of correlations and mitigates the risk of evasion attacks, enhancing the system’s ability to detect abnormal activities. Additionally, ProIDS offers non-parametric modeling for heightened performance, minimal computational overhead, and noise reduction properties. Our comprehensive experiments demonstrate ProIDS’s superiority over baseline methods, delivering precise detection of various attacks while maintaining operational efficiency.
About the journal:
The objective of Computers in Industry is to present original, high-quality, application-oriented research papers that:
• Illuminate emerging trends and possibilities in the utilization of Information and Communication Technology in industry;
• Establish connections or integrations across various technology domains within the expansive realm of computer applications for industry;
• Foster connections or integrations across diverse application areas of ICT in industry.