Multi-Source Data Fusion for Cyberattack Detection in Power Systems
Cyberattacks can cause a severe impact on power systems unless detected
early. However, accurate and timely detection in critical infrastructure
systems presents challenges, e.g., due to zero-day vulnerability exploitations
and the cyber-physical nature of the system coupled with the need for high
reliability and resilience of the physical system. Conventional rule-based and
anomaly-based intrusion detection system (IDS) tools are insufficient for
detecting zero-day cyber intrusions in the industrial control system (ICS)
networks. Hence, in this work, we show that fusing information from multiple
data sources can help identify cyber-induced incidents and reduce false
positives. Specifically, we present how to recognize and address the barriers
that can prevent the accurate use of multiple data sources for fusion-based
detection. We perform multi-source data fusion for training IDS in a
cyber-physical power system testbed where we collect cyber and physical side
data from multiple sensors emulating real-world data sources that would be
found in a utility and synthesize these into features for algorithms to detect
intrusions. Results are presented using the proposed data fusion application to
infer False Data and Command injection-based Man-in-the-Middle (MiTM) attacks.
Post collection, the data fusion application uses time-synchronized merge and
extracts features followed by pre-processing such as imputation and encoding
before training supervised, semi-supervised, and unsupervised learning models
to evaluate the performance of the IDS. A major finding is the improvement of
detection accuracy by fusion of features from cyber, security, and physical
domains. Additionally, we observed the co-training technique performs at par
with supervised learning methods when fed with our features.
Deep Predictive Coding Neural Network for RF Anomaly Detection in Wireless Networks
Intrusion detection has become one of the most critical tasks in a wireless
network to prevent service outages that can take long to fix. The sheer variety
of anomalous events necessitates adopting cognitive anomaly detection methods
instead of the traditional signature-based detection techniques. This paper
proposes an anomaly detection methodology for wireless systems that is based on
monitoring and analyzing radio frequency (RF) spectrum activities. Our
detection technique leverages an existing solution for the video prediction
problem, and uses it on image sequences generated from monitoring the wireless
spectrum. The deep predictive coding network is trained with images
corresponding to the normal behavior of the system, and whenever there is an
anomaly, its detection is triggered by the deviation between the actual and
predicted behavior. For our analysis, we use the images generated from the
time-frequency spectrograms and spectral correlation functions of the received
RF signal. We test our technique on a dataset which contains anomalies such as
jamming, chirping of transmitters, spectrum hijacking, and node failure, and
evaluate its performance using standard classifier metrics: detection ratio
and false alarm rate. Simulation results demonstrate that the proposed
methodology effectively detects many unforeseen anomalous events in real time.
We discuss the applications, which encompass industrial IoT, autonomous vehicle
control and mission-critical communications services.
Comment: 7 pages, 7 figures, Communications Workshop ICC'1
Support Vector Machine for Network Intrusion and Cyber-Attack Detection
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
Cyber-security threats are a growing concern in networked environments. The development of Intrusion Detection Systems (IDSs) is fundamental in order to provide an extra level of security. We have developed an unsupervised anomaly-based IDS that uses statistical techniques to conduct the detection process. Despite providing many advantages, anomaly-based IDSs tend to generate a high number of false alarms. Machine Learning (ML) techniques have gained wide interest in tasks of intrusion detection. In this work, Support Vector Machine (SVM) is deemed as an ML technique that could complement the performance of our IDS, providing a second line of detection to reduce the number of false alarms, or as an alternative detection technique. We assess the performance of our IDS against one-class and two-class SVMs, using linear and non-linear forms. The results that we present show that linear two-class SVM generates highly accurate results, and the accuracy of the linear one-class SVM is very comparable, and it does not need training datasets associated with malicious data. Similarly, the results evidence that our IDS could benefit from the use of ML techniques to increase its accuracy when analysing datasets comprising non-homogeneous features.