A Study on High-Speed Outlier Detection Method of Network Abnormal Behavior Data Using Heterogeneous Multiple Classifiers

Cho, Jaeik; Gong, Seonghyeon; Choi, Ken

doi:10.3390/app12031011

Cited by 4 publications

(1 citation statement)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed framework performs dynamic data abstraction through the entropy analysis and window adjustment described earlier. Through prior research [31], we have verified that using noise reduction enables the effective training of an anomaly detection model. The framework suggested in this paper proposes a methodology that can train an anomaly detection model more effectively through dynamic data abstraction based on noise reduction.…”

Section: Data Abstraction Using Noise Reductionmentioning

confidence: 80%

Dynamic Data Abstraction-Based Anomaly Detection for Industrial Control Systems

Cho,

Gong

2023

Electronics

Self Cite

View full text Add to dashboard Cite

Industrial control systems (ICS) are critical networks directly linked to the value of core national and societal assets, yet they are increasingly becoming primary targets for numerous cyberattacks today. The ICS network, a fusion of operational technology (OT) and information technology (IT) networks, possesses a broad attack vector, and attacks targeting ICS often take the form of advanced persistent threats (APTs) exploiting zero-day vulnerabilities. However, most existing ICS security techniques have been adaptations of security technologies for IT networks, and security measures tailored to the characteristics of ICS data are currently insufficient. To mitigate cyber threats to ICS networks, this paper proposes an anomaly detection technique based on dynamic data abstraction. The proposed method abstracts ICS data collected in real time using a dynamic data abstraction technique based on noise reduction. The abstracted data are then used to optimize both the update rate and the detection accuracy of the anomaly detection model through model adaptation and incremental learning processes. The proposed approach updates the model by quickly reflecting data on new attack patterns and their distributions, effectively shortening the dwell time in response to APTs utilizing zero-day vulnerabilities. We demonstrate the attack response performance and detection accuracy of the proposed dynamic data abstraction-based anomaly detection technique through experiments using the SWaT dataset generated from a testbed of an actual ICS process. The experiments show that the proposed model achieves high accuracy with a small number of abstracted data while rapidly learning new attack pattern data in real-time without compromising accuracy. The proposed technique can effectively respond to cyberattacks targeting ICS by quickly learning and reflecting trends in attack patterns that exploit zero-day vulnerabilities.

show abstract

Section: Data Abstraction Using Noise Reductionmentioning

confidence: 80%