The prevalence of Internet-of-Things (IoT) technologies and the ubiquity of networked sensors and actuators in many industrial control systems (ICS) have led to the exposure of critical infrastructure in our society to malicious activities and cyber threats. Programmable logic controllers (PLCs) are embedded devices that automate ICS processes. PLCs, which serve as the heart of ICS, are vulnerable to attacks and system malfunctions like other embedded devices. Because PLCs are widely used to control ICS physical processes, attacks against PLCs can cause irreparable damage to enterprises and even loss of life. However, due to the unique and proprietary architecture of PLCs, it is not easy to apply traditional tools and techniques for PLC protection. This work presents an unsupervised learning approach for anomaly detection in ICS based on neural networks with a one-class objective function and an additional regularization term. This technique combines the abilities of neural networks to learn complex relationships with a one-class objective function and a regularization term for separating normal conditions from anomalous operations. The newly introduced regularization term provides a model-tuning mechanism based on specific industrial requirements and performance metrics of interest (i.e., precision or recall). The model was evaluated on a recent real-world ICS dataset: the Secure Water Treatment (SWaT) dataset. The proposed technique's performance is compared with previous work, showing improvements in terms of scalability and attack detection capability, proving that the proposed technique is suitable for use in real ICS scenarios. The proposed method with the regularization term demonstrated superior recall values in 15 out of the 36 attack scenarios in the SWaT dataset, which is the largest number of any published method in the literature.
A qualitative analysis of the proposed technique on the SWaT security showdown event data further proves the technique's high anomaly detection ability on real-time injected attacks.

INDEX TERMS: Anomaly detection, artificial neural networks, cyber-physical system, cybersecurity, industrial control systems.
The security of programmable logic controllers (PLCs) that control industrial systems is becoming increasingly critical due to the ubiquity of the Internet of Things technologies and increasingly nefarious cyber-attack activity. Conventional techniques for safeguarding PLCs are difficult due to their unique architectures. This work proposes a one-class support vector machine, one-class neural network interconnected in a feed-forward manner, and isolation forest approaches for verifying PLC process integrity by monitoring PLC memory addresses. A comprehensive experiment is conducted using an open-source PLC subjected to multiple attack scenarios. A new histogram-based approach is introduced to visualize anomaly detection algorithm performance and prediction confidence. Comparative performance analyses of the proposed algorithms using decision scores and prediction confidence are presented. Results show that isolation forest outperforms one-class neural network, one-class support vector machine, and previous work, in terms of accuracy, precision, recall, and F1-score on seven attack scenarios considered. Statistical hypotheses tests involving analysis of variance and Tukey’s range test were used to validate the presented results.