On the Generation of Anomaly Detection Datasets in Industrial Control Systems

Gómez, Ángel Luis Perales; Maimó, Lorenzo Fernández; Celdrán, Alberto Huertas; Clemente, Félix J. García; Sarmiento, Cristian Cadenas; Masa, Carlos Javier Del Canto; Nistal, Ruben Mendez

doi:10.1109/access.2019.2958284

Cited by 76 publications

(38 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our approach obtained the best recall for Cyber Attack 27; whereas, for Cyber Attacks 2, 10, 11, 22, 26, 30, and 40, it achieved state-of-the-art performance. Regarding Cyber Attacks 7,8,17,23,28,36,37,39, and 41, our performance was, at most, 10% lower than the performance of the rest of the works.…”

Section: Validationmentioning

confidence: 61%

“…Similarly, the authors of [35] presented an IDS based on three models of machine learning (J48, naive Bayes, and RF) to detect Distributed Denials of Service (DDoS) in SCADA systems. In [36], the authors generated a new dataset collected from an electric traction sub-station and tried semi-supervised and supervised ML and DL models to detect anomalies. Among the models tested, we highlight RF, Support Vector Machine (SVM), One-Class Support Vector Machine (OCSVM), IF and DNN.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

MADICS: A Methodology for Anomaly Detection in Industrial Control Systems

et al. 2020

Self Cite

View full text Add to dashboard Cite

Industrial Control Systems (ICSs) are widely used in critical infrastructures to support the essential services of society. Therefore, their protection against terrorist activities, natural disasters, and cyber threats is critical. Diverse cyber attack detection systems have been proposed over the years, in which each proposal has applied different steps and methods. However, there is a significant gap in the literature regarding methodologies to detect cyber attacks in ICS scenarios. The lack of such methodologies prevents researchers from being able to accurately compare proposals and results. In this work, we present a Methodology for Anomaly Detection in Industrial Control Systems (MADICS) to detect cyber attacks in ICS scenarios, which is intended to provide a guideline for future works in the field. MADICS is based on a semi-supervised anomaly detection paradigm and makes use of deep learning algorithms to model ICS behaviors. It consists of five main steps, focused on pre-processing the dataset to be used with the machine learning and deep learning algorithms; performing feature filtering to remove those features that do not meet the requirements; feature extraction processes to obtain higher order features; selecting, fine-tuning, and training the most appropriate model; and validating the model performance. In order to validate MADICS, we used the popular Secure Water Treatment (SWaT) dataset, which was collected from a fully operational water treatment plant. The experiments demonstrate that, using MADICS, we can achieve a state-of-the-art precision of 0.984 (as well as a recall of 0.750 and F1-score of 0.851), which is above the average of other works, proving that the proposed methodology is suitable for use in real ICS scenarios.

show abstract

Section: Validationmentioning

confidence: 61%

Section: Related Workmentioning

confidence: 99%

MADICS: A Methodology for Anomaly Detection in Industrial Control Systems

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this work, we used an open industrial dataset named Electra, 45,46 which contains protocols like the ones we found on our scenario. Specifically, Electra includes four S7Comm devices and three Modbus TCP devices.…”

Section: Deployment and Experimental Resultsmentioning

confidence: 99%

SafeMan: A unified framework to manage cybersecurity and safety in manufacturing industry

et al. 2020

View full text Add to dashboard Cite

Summary Industrial control systems (ICS) are considered cyber‐physical systems that join both cyber and physical worlds. Due to their tight interaction, where humans and robots co‐work and co‐inhabit in the same workspaces and production lines, cyber‐attacks targeting ICS can alter production processes and even bypass safety procedures. As an example, these cyber‐attacks could interrupt physical industrial processes and cause potential injuries to workers. In this article, we present SafeMan, a unified management framework based on the Edge Computing paradigm that provides high‐performance applications for the detection and mitigation of both cyber‐attacks and safety threats in industrial scenarios. Three use cases show specific threats in manufacturing as well as the SafeMan actions carried out to detect and mitigate them. In order to validate our proposal, a pool of experiments was performed with Electra, an industrial dataset with normal network traffic and different cyber‐attacks by using a given number of Modbus TCP and S7Comm devices. The experiments measured the runtime performance of anomaly detection techniques based on machine learning and deep learning to detect cyber‐attacks in control networks. The experimental results show that Neural Networks report the best performance, being able to examine 217 feature vectors per second over Electra, and therefore demonstrating that it can be used as detection model for SafeMan in real scenarios.

show abstract

“…These elements are applied to a condition of the normal packet data and attack packet data on a testbed environment that represents the actual system. Ongoing Research on SCADA system is presented by Gómez et al [20] about the methodology to generate anomaly detection datasets, the methodology is composed of four steps: attack selection, attack deployment, traffic capture and feature selection. The first and second steps indicate which and how to launch the attacks in the testbed, whereas the third and fourth steps deal with the capture of network traffic from the testbed and the extraction of relevant features.…”

Section: Dataset Issuementioning

confidence: 99%

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Arifin

Susanto²,

Stiawan

et al. 2021

IJEECS

View full text Add to dashboard Cite

<p>Supervisory control and data acquisition (SCADA) has an important role in communication between devices in strategic industries such as power plant grid/network. Besides, the SCADA system is now open to any external heterogeneous networks to facilitate monitoring of industrial equipment, but this causes a new vulnerability in the SCADA network system. Any disruption on the SCADA system will give rise to a dangerous impact on industrial devices. Therefore, deep research and development of reliable intrusion detection system (IDS) for SCADA system/network is required. Via a thorough literature review, this paper firstly discusses current security issues of SCADA system and look closely benchmark dataset and SCADA security holes, followed by SCADA traffic anomaly recognition using artificial intelligence techniques and visual traffic monitoring system. Then, touches on the encryption technique suitable for the SCADA network. In the end, this paper gives the trend of SCADA IDS in the future and provides a proposed model to generate a reliable IDS, this model is proposed based on the investigation of previous researches. This paper focuses on SCADA systems that use IEC 60870-5-104 (IEC 104) protocol and distributed network protocol version 3 (DNP3) protocol as many SCADA systems use these two protocols.</p>

show abstract

On the Generation of Anomaly Detection Datasets in Industrial Control Systems

Cited by 76 publications

References 29 publications

MADICS: A Methodology for Anomaly Detection in Industrial Control Systems

MADICS: A Methodology for Anomaly Detection in Industrial Control Systems

SafeMan: A unified framework to manage cybersecurity and safety in manufacturing industry

The trends of supervisory control and data acquisition security challenges in heterogeneous networks

Contact Info

Product

Resources

About