Analysis of Intrusion Detection in Control System Communication Based on Outlier Detection with One-Class Classifiers

Onoda, Takashi; Kiuchi, Mai

doi:10.1007/978-3-642-34500-5_33

Cited by 8 publications

(9 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This method provided excellent potential ability for further research and development toward practical tools to protect the SCADA systems. T. Onoda and M. Kiuchi applied OCSVM and SVDD to intrusion detection in an experimental control system network, and compared the differences between the classifications; the experiments clarified that sequence information in control system communication was very important to detect some intrusion attacks. Y.G.…”

Section: Related Workmentioning

confidence: 99%

“…Current fitness of the particle is determined by the position vector of the particle, and current individual optimal value and group optimal value are determined by comparing the fitness of each generation. Speed and position of a particle are updated by the following equations :

V^{k + 1} = ω V^{k} + c_{1} r_{1} ((), P^{k} - X^{k}) + c_{2} r_{2} ((), G^{k} - X^{k})

X^{k + 1} = X^{k} + V^{k + 1} .

…”

Section: One‐class Support Vector Machine Algorithm For Intrusion Detmentioning

confidence: 99%

See 1 more Smart Citation

Intrusion detection algorithm based on OCSVM in industrial control system

Shang

Zeng

Wan

et al. 2015

Security Comm. Networks

View full text Add to dashboard Cite

In order to detect abnormal communication behaviors efficiently in today's industrial control system, a new intrusion detection algorithm based on One-Class Support Vector Machine (OCSVM) is proposed in this paper. In this algorithm, a normal communication behavior model is established by using OCSVM, and the Particle Swarm Optimization algorithm is designed to optimize OCSVM model parameters. Furthermore, we adopt the normal Modbus function code sequence to train OCSVM model, and then use this model to detect abnormal Modbus TCP traffic. Our simulation results show that the proposed algorithm not only is efficient and reliable but also meets the real-time requirements of anomaly detection in industrial control system.

show abstract

Section: Related Workmentioning

confidence: 99%

V^{k + 1} = ω V^{k} + c_{1} r_{1} ((), P^{k} - X^{k}) + c_{2} r_{2} ((), G^{k} - X^{k})

X^{k + 1} = X^{k} + V^{k + 1} .

…”

Section: One‐class Support Vector Machine Algorithm For Intrusion Detmentioning

confidence: 99%

Intrusion detection algorithm based on OCSVM in industrial control system

Shang

Zeng

Wan

et al. 2015

Security Comm. Networks

View full text Add to dashboard Cite

show abstract

“…Secondly, as seen in our analysis in Table 5.1, a one class classifier could cause high adversarial certainty, making attack detection and recovery difficult. Most works on the security of classifiers advocate inclusion of all orthogonal information, to make the system more restrictive and therefore more secure [2,40,71,72,92,190]. However, these works approach the security In a dynamic environment, it is necessary to maintain adversarial uncertainty, so as to ensure that attacks can be recovered from.…”

Section: Experimental Setup and Protocolmentioning

confidence: 99%

“…However, it also leads to an adversarial certainty of 100%, implying that any successful attack will lead to a data nullification and subsequent inability of the defender to recover from such attacks. Thus, as opposed to common belief in cybersecurity[190], a more restrictive classifiers could be a bad strategy, when considering a dynamic and adversarial environment. The one class model on the set of malicious training data, represents the other end of the spectrum, where a boundary is drawn around the malicious class samples.This model makes evasion easier, but ensures high adversarial uncertainty.…”

mentioning

confidence: 95%

“…The experiments are performed using python and the scikit-learn machine learning library [149]. 5.4.2 Analyzing effects of using a restrictive one-class classifier for the defender's modelIn adversarial domains, restricting the space of samples classified as Legitimate, is considered an effective defense strategy[92,190]. By tightly restricting what data points are qualified as legitimate, the ability of random probing based attacks is significantly reduced.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Dynamic adversarial mining - effectively applying machine learning in adversarial non-stationary environments.

Sethi¹

View full text Add to dashboard Cite

show abstract

A dynamic‐adversarial mining approach to the security of machine learning

Sethi

Kantardzic

Lyu

et al. 2018

WIREs Data Min & Knowl

View full text Add to dashboard Cite

Operating in a dynamic real‐world environment requires a forward thinking and adversarial aware design for classifiers beyond fitting the model to the training data. In such scenarios, it is necessary to make classifiers such that they are: (a) harder to evade, (b) easier to detect changes in the data distribution over time, and (c) be able to retrain and recover from model degradation. While most works in the security of machine learning have concentrated on the evasion resistance problem (a), there is little work in the areas of reacting to attacks (b) and (c). Additionally, while streaming data research concentrates on the ability to react to changes to the data distribution, they often take an adversarial agnostic view of the security problem. This makes them vulnerable to adversarial activity, which is aimed toward evading the concept drift detection mechanism itself. In this paper, we analyze the security of machine learning from a dynamic and adversarial aware perspective. The existing techniques of restrictive one‐class classifier models, complex learning‐based ensemble models, and randomization‐based ensemble models are shown to be myopic as they approach security as a static task. These methodologies are ill suited for a dynamic environment, as they leak excessive information to an adversary who can subsequently launch attacks which are indistinguishable from the benign data. Based on empirical vulnerability analysis against a sophisticated adversary, a novel feature importance hiding approach for classifier design is proposed. The proposed design ensures that future attacks on classifiers can be detected and recovered from. The proposed work provides motivation, by serving as a blueprint, for future work in the area of dynamic‐adversarial mining, which combines lessons learned from streaming data mining, adversarial learning, and cybersecurity. This article is categorized under: Technologies > Machine Learning Technologies > Classification Fundamental Concepts of Data and Knowledge > Motivation and Emergence of Data Mining

show abstract

Analysis of Intrusion Detection in Control System Communication Based on Outlier Detection with One-Class Classifiers

Cited by 8 publications

References 2 publications

Intrusion detection algorithm based on OCSVM in industrial control system

Intrusion detection algorithm based on OCSVM in industrial control system

Dynamic adversarial mining - effectively applying machine learning in adversarial non-stationary environments.

A dynamic‐adversarial mining approach to the security of machine learning

Contact Info

Product

Resources

About