Optimal Thresholds for Anomaly-Based Intrusion Detection in Dynamical Environments

Ghafouri, Amin; Abbas, Waseem; Lászka, Áron; Vorobeychik, Yevgeniy; Koutsoukos, Xenofon

doi:10.1007/978-3-319-47413-7_24

Cited by 27 publications

(20 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A simple way to combat the difficulty of threshold setting is by using multiple thresholds, representing varying degrees of confidence. Advanced threshold setting models such as Laszka et al (2016) and Ghafouri et al (2016) can be coupled with the proposed VAE model in future studies for optimal threshold setting. Ghafouri et al (2016) used a game-theoretic setup to solve the problem of finding time-varying optimal detection thresholds in dynamical environments, with a numerical demonstration on water distribution systems.…”

Section: Discussionmentioning

confidence: 99%

“…Advanced threshold setting models such as Laszka et al (2016) and Ghafouri et al (2016) can be coupled with the proposed VAE model in future studies for optimal threshold setting. Ghafouri et al (2016) used a game-theoretic setup to solve the problem of finding time-varying optimal detection thresholds in dynamical environments, with a numerical demonstration on water distribution systems. The new mechanism can also use a secondary set of data (e.g., the BATADAL Training Dataset #2, which is found in Taormina et al 2018) for evaluation and adjustment of the optimal thresholds found.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Cyberattack Detection Using Deep Generative Models with Variational Inference

Chandy

Rasekh

Barker

et al. 2019

J. Water Resour. Plann. Manage.

View full text Add to dashboard Cite

Recent years have witnessed a rise in the frequency and intensity of cyberattacks targeted at critical infrastructure systems. This study designs a versatile, data-driven cyberattack detection platform for infrastructure systems cybersecurity, with a special demonstration in water sector. A deep generative model with variational inference autonomously learns normal system behavior and detects attacks as they occur. The model can process the natural data in its raw form and automatically discover and learn its representations, hence augmenting system knowledge discovery and reducing the need for laborious human engineering and domain expertise. The proposed model is applied to a simulated cyberattack detection problem involving a drinking water distribution system subject to programmable logic controller hacks, malicious actuator activation, and deception attacks. The model is only provided with observations of the system, such as pump pressure and tank water level reads, and is blind to the internal structures and workings of the water distribution system. The simulated attacks are manifested in the model's generated reproduction probability plot, indicating its ability to discern the attacks. There is, however, need for improvements in reducing false alarms, especially by optimizing detection thresholds. Altogether, the results indicate ability of the model in distinguishing attacks and their repercussions from normal system operation in water distribution systems, and the promise it holds for cyberattack detection in other domains.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Cyberattack Detection Using Deep Generative Models with Variational Inference

Chandy

Rasekh

Barker

et al. 2019

J. Water Resour. Plann. Manage.

View full text Add to dashboard Cite

show abstract

“…e paper shows that computing optimal a acks and defenses is computationally expensive, and proposes heuristic algorithms for computing near-optimal strategies. Further, the work in [6] studies the problem of nding optimal thresholds for anomaly-based detectors implemented in dynamical systems in the face of strategic a acks. e paper provides algorithms to compute optimal thresholds that minimize losses considering best-response a acks.…”

Section: Related Workmentioning

confidence: 99%

Optimal detection of faulty traffic sensors used in route planning

Ghafouri

Lászka

Dubey

et al. 2017

Proceedings of the 2nd International Workshop on Science of Smart City Operations and Platforms Engineering

Self Cite

View full text Add to dashboard Cite

In a smart city, real-time tra c sensors may be deployed for various applications, such as route planning. Unfortunately, sensors are prone to failures, which result in erroneous tra c data. Erroneous data can adversely a ect applications such as route planning, and can cause increased travel time. To minimize the impact of sensor failures, we must detect them promptly and accurately. However, typical detection algorithms may lead to a large number of false positives (i.e., false alarms) and false negatives (i.e., missed detections), which can result in suboptimal route planning. In this paper, we devise an e ective detector for identifying faulty tra c sensors using a prediction model based on Gaussian Processes. Further, we present an approach for computing the optimal parameters of the detector which minimize losses due to false-positive and falsenegative errors. We also characterize critical sensors, whose failure can have high impact on the route planning application. Finally, we implement our method and evaluate it numerically using a realworld dataset and the route planning platform OpenTripPlanner. CCS CONCEPTS•Computer systems organization → Embedded and cyberphysical systems; Dependable and fault-tolerant systems and networks; • eory of computation → Gaussian processes; KEYWORDS fault detection, cyber-physical systems, smart city, route planning ACM Reference format:

show abstract

“…In (Ghafouri et al, 2016), the authors find the optimal threshold, using an exhaustive search, for anomaly-based intrusion detection in dynamical environments, but this is done based on the strong assumption that the expected damage incurred by a system from an undetected attack at any instant in time is known. This is a common problem with binary intrusion detection approaches.…”

Section: Introduction and Related Workmentioning

confidence: 99%

Security-Aware Design of Cyber-Physical Systems for Control Applications

Mahfouzi

2021

Linköping Studies in Science and Technology. Dissertations

View full text Add to dashboard Cite

Cyberfysiska system interagerar med den fysiska och digitala världen. Cyberfysiska system innehåller ofta ett flertal styrsystem. Dessa system är uppkopplade till Internet och är därför särskilt sårbara mot cyberattacker. Flera attacker är särskilt riktade mot styrsystem. Denna avhandling fokuserar på säkerhetshot mot styrsystem i cyberfysiska system. Vi presenterar unika tillstånd för styrsystem som används till att utveckla system för att upptäcka, förhindra och mildra attacker mot cyberfysiska system. Vi påvisar även säkerhetsutmaningar baserade på icke-intuitiva tids-och fördröjningsberoenden som skapas då ett flertal styrsystem delar resurser. Vidare så tar vi hänsyn till realtidskommunikation för reglerapplikationer som implementeras på ett underliggande datornätverk där vi schemalägger och dirigerar meddelanden på så sätt att säkerheten maximeras. Till sist behandlar vi säkerhetsutmaningar som uppstår då reglerapplikationer i cyberfysiska system allokeras som molntjänster via Internet. Denna avhandling innehåller experiment som påvisar effektiviteten av verifierbar beräkning för att i realtid verifiera molntjänstens beräkningar.

show abstract

Optimal Thresholds for Anomaly-Based Intrusion Detection in Dynamical Environments

Cited by 27 publications

References 20 publications

Cyberattack Detection Using Deep Generative Models with Variational Inference

Cyberattack Detection Using Deep Generative Models with Variational Inference

Optimal detection of faulty traffic sensors used in route planning

Security-Aware Design of Cyber-Physical Systems for Control Applications

Contact Info

Product

Resources

About