An anomaly-based approach for cyber–physical threat detection using network and sensor data

IF 4.5, Region 3 (Computer Science), Q1 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Roberto Canonico, Giovanni Esposito, Annalisa Navarro, Simon Pietro Romano, Giancarlo Sperlí, Andrea Vignali
Computer Communications, Volume 234, Article 108087. Published 2025-02-06. Journal Article.
DOI: 10.1016/j.comcom.2025.108087
https://www.sciencedirect.com/science/article/pii/S0140366425000441
Citation count: 0

Abstract

Integrating physical and cyber realms, Cyber–Physical Systems (CPSs) expand the potential attack surface for intruders. Given their deployment in critical infrastructures like Industrial Control Systems (ICSs), ensuring robust security is imperative. Current research has developed various Intrusion Detection techniques to identify and counter malicious activities. However, traditional methods often encounter challenges in detecting several attack types due to reliance on a single data source such as time series data from sensors and actuators. In this study, we meticulously design advanced Deep Learning (DL) anomaly-based techniques trained on either sensor/actuator data or network traffic statistics in an unsupervised setting. We evaluate these techniques on network and physical data collected concurrently from a real-world CPS. Through meticulous hyperparameter tuning, we identify the optimal parameters for each model and compare their efficiency and effectiveness in detecting different types of attacks. In addition to demonstrating superior performance compared to various baselines, we showcase the best model for each data source. Eventually, we show how utilizing diverse data sources can enhance cyber-threat detection, recognizing different kinds of attacks.
Source journal: Computer Communications (Engineering & Technology, Telecommunications)
CiteScore: 14.10
Self-citation rate: 5.00%
Articles published: 397
Review time: 66 days
Journal description: Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today's computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.