Selen Ayas , Mustafa Sinasi Ayas , Bora Cavdar , Ali Kivanc Sahin
{"title":"基于深度神经网络方法的工业控制系统网络攻击检测","authors":"Selen Ayas , Mustafa Sinasi Ayas , Bora Cavdar , Ali Kivanc Sahin","doi":"10.1016/j.jisa.2025.104206","DOIUrl":null,"url":null,"abstract":"<div><div>Historical cases demonstrate the growing cybersecurity threats associated with water distribution and treatment systems, which are essential components of infrastructure. Detecting anomalies in time series data from industrial control systems has become an important issue due to its significance. This paper proposes an anomaly detection approach that utilizes statistical measurements and the relationship between observed and predicted values of deep neural network (DNN) models. To achieve this goal, we compared several convolutional and recurrent DNN architectures, including convolutional neural network (CNN), long short-term memory (LSTM), recurrent neural network (RNN), and gated recurrent unit (GRU) models. Our aim was to automatically learn the relationships between sensors from time series data, improve detection performance, and quickly extract long-term and short-term dependencies to help detect possible anomalies. The performances of the DNN models on two real water system datasets, Secure Water Treatment (SWaT) and Water Distribution (WADI) datasets, were analyzed. The results indicate that the GRU model is more efficient than the other models in reducing the absolute error between the predicted and observed values, when evaluated in terms of prediction performance for both datasets. Additionally, the RNN model demonstrated successful anomaly detection with high F1-score values of 0.9848 and 0.7651 for SWaT and WADI datasets. The study provides valuable information on how to secure water networks against online attacks through extensive testing and comparative evaluation.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104206"},"PeriodicalIF":3.7000,"publicationDate":"2025-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting cyberattacks based on deep neural network approaches in industrial control systems\",\"authors\":\"Selen Ayas , Mustafa Sinasi Ayas , Bora Cavdar , Ali Kivanc Sahin\",\"doi\":\"10.1016/j.jisa.2025.104206\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Historical cases demonstrate the growing cybersecurity threats associated with water distribution and treatment systems, which are essential components of infrastructure. Detecting anomalies in time series data from industrial control systems has become an important issue due to its significance. This paper proposes an anomaly detection approach that utilizes statistical measurements and the relationship between observed and predicted values of deep neural network (DNN) models. To achieve this goal, we compared several convolutional and recurrent DNN architectures, including convolutional neural network (CNN), long short-term memory (LSTM), recurrent neural network (RNN), and gated recurrent unit (GRU) models. Our aim was to automatically learn the relationships between sensors from time series data, improve detection performance, and quickly extract long-term and short-term dependencies to help detect possible anomalies. The performances of the DNN models on two real water system datasets, Secure Water Treatment (SWaT) and Water Distribution (WADI) datasets, were analyzed. The results indicate that the GRU model is more efficient than the other models in reducing the absolute error between the predicted and observed values, when evaluated in terms of prediction performance for both datasets. Additionally, the RNN model demonstrated successful anomaly detection with high F1-score values of 0.9848 and 0.7651 for SWaT and WADI datasets. The study provides valuable information on how to secure water networks against online attacks through extensive testing and comparative evaluation.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"94 \",\"pages\":\"Article 104206\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2025-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625002431\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625002431","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Detecting cyberattacks based on deep neural network approaches in industrial control systems
Historical cases demonstrate the growing cybersecurity threats associated with water distribution and treatment systems, which are essential components of infrastructure. Detecting anomalies in time series data from industrial control systems has become an important issue due to its significance. This paper proposes an anomaly detection approach that utilizes statistical measurements and the relationship between observed and predicted values of deep neural network (DNN) models. To achieve this goal, we compared several convolutional and recurrent DNN architectures, including convolutional neural network (CNN), long short-term memory (LSTM), recurrent neural network (RNN), and gated recurrent unit (GRU) models. Our aim was to automatically learn the relationships between sensors from time series data, improve detection performance, and quickly extract long-term and short-term dependencies to help detect possible anomalies. The performances of the DNN models on two real water system datasets, Secure Water Treatment (SWaT) and Water Distribution (WADI) datasets, were analyzed. The results indicate that the GRU model is more efficient than the other models in reducing the absolute error between the predicted and observed values, when evaluated in terms of prediction performance for both datasets. Additionally, the RNN model demonstrated successful anomaly detection with high F1-score values of 0.9848 and 0.7651 for SWaT and WADI datasets. The study provides valuable information on how to secure water networks against online attacks through extensive testing and comparative evaluation.
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.