GNN-based Advanced Feature Integration for ICS Anomaly Detection

IF 7.2 4区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

ACM Transactions on Intelligent Systems and Technology Pub Date : 2023-09-05 DOI:10.1145/3620676

Shuaiyi L(y)u, Kai Wang, Yuliang Wei, Hongri Liu, Qilin Fan, Bailing Wang

{"title":"GNN-based Advanced Feature Integration for ICS Anomaly Detection","authors":"Shuaiyi L(y)u, Kai Wang, Yuliang Wei, Hongri Liu, Qilin Fan, Bailing Wang","doi":"10.1145/3620676","DOIUrl":null,"url":null,"abstract":"Recent adversaries targeting the Industrial Control Systems (ICSs) have started exploiting their sophisticated inherent contextual semantics such as the data associativity among heterogeneous field devices. In light of the subtlety rendered in these semantics, anomalies triggered by such interactions tend to be extremely covert, hence giving rise to extensive challenges in their detection. Driven by the critical demands of securing ICS processes, a Graph-Neural-Network (GNN) based method is presented to tackle these subtle hostilities by leveraging an ICS’s advanced contextual features refined from a universal perspective, rather than exclusively following GNN’s conventional local aggregation paradigm. Specifically, we design and implement the Graph Sample-and-Integrate Network (GSIN), a general chained framework performing node-level anomaly detection via advanced feature integration, which combines a node’s local awareness with the graph’s prominent global properties extracted via process-oriented pooling. The proposed GSIN is evaluated on multiple well-known datasets with different kinds of integration configurations, and results demonstrate its superiority consistently on not only anomaly detection performance (e.g., F1 score and AUPRC) but also runtime efficiency over recent representative baselines.","PeriodicalId":48967,"journal":{"name":"ACM Transactions on Intelligent Systems and Technology","volume":" ","pages":""},"PeriodicalIF":7.2000,"publicationDate":"2023-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Intelligent Systems and Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3620676","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Recent adversaries targeting the Industrial Control Systems (ICSs) have started exploiting their sophisticated inherent contextual semantics such as the data associativity among heterogeneous field devices. In light of the subtlety rendered in these semantics, anomalies triggered by such interactions tend to be extremely covert, hence giving rise to extensive challenges in their detection. Driven by the critical demands of securing ICS processes, a Graph-Neural-Network (GNN) based method is presented to tackle these subtle hostilities by leveraging an ICS’s advanced contextual features refined from a universal perspective, rather than exclusively following GNN’s conventional local aggregation paradigm. Specifically, we design and implement the Graph Sample-and-Integrate Network (GSIN), a general chained framework performing node-level anomaly detection via advanced feature integration, which combines a node’s local awareness with the graph’s prominent global properties extracted via process-oriented pooling. The proposed GSIN is evaluated on multiple well-known datasets with different kinds of integration configurations, and results demonstrate its superiority consistently on not only anomaly detection performance (e.g., F1 score and AUPRC) but also runtime efficiency over recent representative baselines.

查看原文本刊更多论文

基于GNN的ICS异常检测高级特征集成

最近针对工业控制系统（ICSs）的对手已经开始利用其复杂的固有上下文语义，例如异构现场设备之间的数据关联性。鉴于这些语义中的微妙之处，由这种交互触发的异常往往是极其隐蔽的，因此在检测它们方面带来了广泛的挑战。在保护ICS过程的关键需求的驱动下，提出了一种基于图神经网络（GNN）的方法，通过利用从通用角度提炼的ICS的高级上下文特征，而不是完全遵循GNN的传统局部聚合范式，来解决这些微妙的敌对行为。具体而言，我们设计并实现了图样本和集成网络（GSIN），这是一个通过高级特征集成执行节点级异常检测的通用链式框架，它将节点的局部感知与通过面向过程的池提取的图的突出全局属性相结合。在具有不同集成配置的多个知名数据集上对所提出的GSIN进行了评估，结果一致地表明，与最近的代表性基线相比，它不仅在异常检测性能（例如F1分数和AUPRC）方面具有优势，而且在运行时效率方面也具有优势。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Intelligent Systems and Technology COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-COMPUTER SCIENCE, INFORMATION SYSTEMS

CiteScore

9.30

自引率

2.00%

发文量

131

期刊介绍： ACM Transactions on Intelligent Systems and Technology is a scholarly journal that publishes the highest quality papers on intelligent systems, applicable algorithms and technology with a multi-disciplinary perspective. An intelligent system is one that uses artificial intelligence (AI) techniques to offer important services (e.g., as a component of a larger system) to allow integrated systems to perceive, reason, learn, and act intelligently in the real world. ACM TIST is published quarterly (six issues a year). Each issue has 8-11 regular papers, with around 20 published journal pages or 10,000 words per paper. Additional references, proofs, graphs or detailed experiment results can be submitted as a separate appendix, while excessively lengthy papers will be rejected automatically. Authors can include online-only appendices for additional content of their published papers and are encouraged to share their code and/or data with other readers.