4 research outputs found

    Detección de intrusiones en redes industriales : Evaluación experimental de algoritmos de aprendizaje de máquina

    Get PDF
    Ataques cibernéticos a sistemas industriales de infraestructura crítica son una realidad en la actualidad y sus consecuencias constituyen un riesgo a la continuidad de los negocios, la economía y el bienestar de la población. En este sentido, este trabajo presenta un análisis de implementaciones de sistemas de detección de intrusiones para sistemas industriales y una evaluación experimental de un conjunto de algoritmos, utilizados en dicho tipo de sistemas, aplicando un conjunto de datos obtenido de un sistema industrial de infraestructura crítica. Dicho análisis da énfasis a cuestiones como, algoritmos y conjuntos de datos de evaluación utilizados, parámetros de entrenamiento, ataques ensayados y métricas de evaluación. La evaluación experimental se lleva a cabo sobre un conjunto nueve algoritmos de aprendizaje de máquina utilizando un conjunto de datos con siete tipos de ataques cibernéticos a la red de un sistema industrial del tipo gasoducto en el que se utiliza el protocolo de comunicaciones modbus para la supervisión y el control. Los resultados experimentales mostraron que los algoritmos basados en árboles de decisión arrojan los mejores resultados de clasificación para la métrica de F1-Score.XXIII Workshop agentes y sistemas inteligentes (WASI)Red de Universidades con Carreras en Informátic

    Anomalous behaviour detection for cyber defence in modern industrial control systems

    Get PDF
    A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of Philosophy.The fusion of pervasive internet connectivity and emerging technologies in smart cities creates fragile cyber-physical-natural ecosystems. Industrial Control Systems (ICS) are intrinsic parts of smart cities and critical to modern societies. Not designed for interconnectivity or security, disruptor technologies enable ubiquitous computing in modern ICS. Aided by artificial intelligence and the industrial internet of things they transform the ICS environment towards better automation, process control and monitoring. However, investigations reveal that leveraging disruptive technologies in ICS creates security challenges exposing critical infrastructure to sophisticated threat actors including increasingly hostile, well-organised cybercrimes and Advanced Persistent Threats. Besides external factors, the prevalence of insider threats includes malicious intent, accidental hazards and professional errors. The sensing capabilities create opportunities to capture various data types. Apart from operational use, this data combined with artificial intelligence can be innovatively utilised to model anomalous behaviour as part of defence-in-depth strategies. As such, this research aims to investigate and develop a security mechanism to improve cyber defence in ICS. Firstly, this thesis contributes a Systematic Literature Review (SLR), which helps analyse frameworks and systems that address CPS’ cyber resilience and digital forensic incident response in smart cities. The SLR uncovers emerging themes and concludes several key findings. For example, the chronological analysis reveals key influencing factors, whereas the data source analysis points to a lack of real CPS datasets with prevalent utilisation of software and infrastructure-based simulations. Further in-depth analysis shows that cross-sector proposals or applications to improve digital forensics focusing on cyber resilience are addressed by a small number of research studies in some smart sectors. Next, this research introduces a novel super learner ensemble anomaly detection and cyber risk quantification framework to profile anomalous behaviour in ICS and derive a cyber risk score. The proposed framework and associated learning models are experimentally validated. The produced results are promising and achieve an overall F1-score of 99.13%, and an anomalous recall score of 99% detecting anomalies lasting only 17 seconds ranging from 0.5% to 89% of the dataset. Further, a one-class classification model is developed, leveraging stream rebalancing followed by adaptive machine learning algorithms and drift detection methods. The model is experimentally validated producing promising results including an overall Matthews Correlation Coefficient (MCC) score of 0.999 and the Cohen’s Kappa (K) score of 0.9986 on limited variable single-type anomalous behaviour per data stream. Wide data streams achieve an MCC score of 0.981 and a K score of 0.9808 in the prevalence of multiple types of anomalous instances. Additionally, the thesis scrutinises the applicability of the learning models to support digital forensic readiness. The research study presents the concept of digital witness and digital chain of custody in ICS. Following that, a use case integrating blockchain technologies into the design of ICS to support digital forensic readiness is discussed. In conclusion, the contributions of this research thesis help towards developing the next generation of state-of-the-art methods for anomalous behaviour detection in ICS defence-in-depth
    corecore