Anomaly Detection for Industrial Control Systems Based on Neural Networks with One-Class Objective Function

The advent of Internet of Things (IoT) technologies and the prevalence of networked sensors and actuators in many industrial control systems (ICS) have led to the exposure of critical infrastructure in our society to malicious activities and cyber threats. ICS are used to monitor and control critical infrastructure in our society that provide essential services such as electricity, water supply, among others. Programmable logic controllers (PLCs) are embedded devices that automate the processes of industrial control systems. PLCs which serve as the heart of ICS are vulnerable to attacks just like other embedder devices. Because PLCs are widely used to control the physical processes of ICS, attacks against PLCs can cause irreparable damages to enterprises and even loss of lives. However, due to the unique and proprietary architecture of PLCs, it is not easy to apply traditional tools and techniques for PLC protection. In this work, we present a novel unsupervised learning approach for anomaly detection in ICS based on neural networks with one class objective function. This technique combines the abilities of neural networks to learn complex relationships with a one class objective function for separating normal conditions from anomalous operations. We evaluated our model on a recent dataset collected from a real-world ICS: the Secure Water Treatment (SWaT) dataset. The performance of our proposed technique is compared with previous works, and it shows improvements in terms of scalability and attack detection capability, proving that the proposed technique is suitable for use in real ICS scenario

Active Authentication using an Autoencoder regularized CNN-based One-Class Classifier

Active authentication refers to the process in which users are unobtrusively monitored and authenticated continuously throughout their interactions with mobile devices. Generally, an active authentication problem is modelled as a one class classification problem due to the unavailability of data from the impostor users. Normally, the enrolled user is considered as the target class (genuine) and the unauthorized users are considered as unknown classes (impostor). We propose a convolutional neural network (CNN) based approach for one class classification in which a zero centered Gaussian noise and an autoencoder are used to model the pseudo-negative class and to regularize the network to learn meaningful feature representations for one class data, respectively. The overall network is trained using a combination of the cross-entropy and the reconstruction error losses. A key feature of the proposed approach is that any pre-trained CNN can be used as the base network for one class classification. Effectiveness of the proposed framework is demonstrated using three publically available face-based active authentication datasets and it is shown that the proposed method achieves superior performance compared to the traditional one class classification methods. The source code is available at: github.com/otkupjnoz/oc-acnn.Comment: Accepted and to appear at AFGR 201