71 research outputs found
Anomaly Detection for Industrial Control Systems Based on Neural Networks with One-Class Objective Function
The advent of Internet of Things (IoT) technologies and the prevalence of networked sensors and actuators in many industrial control systems (ICS) have led to the exposure of critical infrastructure in our society to malicious activities and cyber threats. ICS are used to monitor and control critical infrastructure in our society that provide essential services such as electricity, water supply, among others. Programmable logic controllers (PLCs) are embedded devices that automate the processes of industrial control systems. PLCs which serve as the heart of ICS are vulnerable to attacks just like other embedder devices. Because PLCs are widely used to control the physical processes of ICS, attacks against PLCs can cause irreparable damages to enterprises and even loss of lives. However, due to the unique and proprietary architecture of PLCs, it is not easy to apply traditional tools and techniques for PLC protection. In this work, we present a novel unsupervised learning approach for anomaly detection in ICS based on neural networks with one class objective function. This technique combines the abilities of neural networks to learn complex relationships with a one class objective function for separating normal conditions from anomalous operations. We evaluated our model on a recent dataset collected from a real-world ICS: the Secure Water Treatment (SWaT) dataset. The performance of our proposed technique is compared with previous works, and it shows improvements in terms of scalability and attack detection capability, proving that the proposed technique is suitable for use in real ICS scenario
Active Authentication using an Autoencoder regularized CNN-based One-Class Classifier
Active authentication refers to the process in which users are unobtrusively
monitored and authenticated continuously throughout their interactions with
mobile devices. Generally, an active authentication problem is modelled as a
one class classification problem due to the unavailability of data from the
impostor users. Normally, the enrolled user is considered as the target class
(genuine) and the unauthorized users are considered as unknown classes
(impostor). We propose a convolutional neural network (CNN) based approach for
one class classification in which a zero centered Gaussian noise and an
autoencoder are used to model the pseudo-negative class and to regularize the
network to learn meaningful feature representations for one class data,
respectively. The overall network is trained using a combination of the
cross-entropy and the reconstruction error losses. A key feature of the
proposed approach is that any pre-trained CNN can be used as the base network
for one class classification. Effectiveness of the proposed framework is
demonstrated using three publically available face-based active authentication
datasets and it is shown that the proposed method achieves superior performance
compared to the traditional one class classification methods. The source code
is available at: github.com/otkupjnoz/oc-acnn.Comment: Accepted and to appear at AFGR 201
- …