An anomaly-based approach for cyber–physical threat detection using network and sensor data

IF 4.5 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Communications Pub Date : 2025-02-06 DOI:10.1016/j.comcom.2025.108087

Roberto Canonico, Giovanni Esposito, Annalisa Navarro, Simon Pietro Romano, Giancarlo Sperlí, Andrea Vignali

{"title":"An anomaly-based approach for cyber–physical threat detection using network and sensor data","authors":"Roberto Canonico, Giovanni Esposito, Annalisa Navarro, Simon Pietro Romano, Giancarlo Sperlí, Andrea Vignali","doi":"10.1016/j.comcom.2025.108087","DOIUrl":null,"url":null,"abstract":"<div><div>Integrating physical and cyber realms, Cyber–Physical Systems (CPSs) expand the potential attack surface for intruders. Given their deployment in critical infrastructures like Industrial Control Systems (ICSs), ensuring robust security is imperative. Current research has developed various Intrusion Detection techniques to identify and counter malicious activities. However, traditional methods often encounter challenges in detecting several attack types due to reliance on a single data source such as time series data from sensors and actuators. In this study, we meticulously design advanced Deep Learning (DL) anomaly-based techniques trained on either sensor/actuator data or network traffic statistics in an unsupervised setting. We evaluate these techniques on network and physical data collected concurrently from a real-world CPS. Through meticulous hyperparameter tuning, we identify the optimal parameters for each model and compare their efficiency and effectiveness in detecting different types of attacks. In addition to demonstrating superior performance compared to various baselines, we showcase the best model for each data source. Eventually, we show how utilizing diverse data sources can enhance cyber-threat detection, recognizing different kinds of attacks.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"234 ","pages":"Article 108087"},"PeriodicalIF":4.5000,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0140366425000441","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Integrating physical and cyber realms, Cyber–Physical Systems (CPSs) expand the potential attack surface for intruders. Given their deployment in critical infrastructures like Industrial Control Systems (ICSs), ensuring robust security is imperative. Current research has developed various Intrusion Detection techniques to identify and counter malicious activities. However, traditional methods often encounter challenges in detecting several attack types due to reliance on a single data source such as time series data from sensors and actuators. In this study, we meticulously design advanced Deep Learning (DL) anomaly-based techniques trained on either sensor/actuator data or network traffic statistics in an unsupervised setting. We evaluate these techniques on network and physical data collected concurrently from a real-world CPS. Through meticulous hyperparameter tuning, we identify the optimal parameters for each model and compare their efficiency and effectiveness in detecting different types of attacks. In addition to demonstrating superior performance compared to various baselines, we showcase the best model for each data source. Eventually, we show how utilizing diverse data sources can enhance cyber-threat detection, recognizing different kinds of attacks.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Communications 工程技术-电信学

CiteScore

14.10

自引率

5.00%

发文量

397

审稿时长

66 days

期刊介绍： Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.