15 research outputs found

    Time is of the Essence: Machine Learning-based Intrusion Detection in Industrial Time Series Data

    The Industrial Internet of Things drastically increases connectivity of devices in industrial applications. In addition to the benefits in efficiency, scalability and ease of use, this creates novel attack surfaces. Historically, industrial networks and protocols do not contain means of security, such as authentication and encryption, that are made necessary by this development. Thus, industrial IT-security is needed. In this work, emulated industrial network data is transformed into a time series and analysed with three different algorithms. The data contains labeled attacks, so the performance can be evaluated. Matrix Profiles perform well with almost no parameterisation needed. Seasonal Autoregressive Integrated Moving Average performs well in the presence of noise, requiring parameterisation effort. Long Short Term Memory-based neural networks perform mediocre while requiring a high training- and parameterisation effort.

    Comment: Extended version of a publication in the 2018 IEEE International Conference on Data Mining Workshops (ICDMW)

    A Public Network Trace of a Control and Automation System

    The increasing number of attacks against automation systems such as SCADA and their network infrastructure has demonstrated that there is a need to secure those systems. Unfortunately, directly applying existing ICT security mechanisms to automation systems is hard due to constraints of the latter, such as availability requirements or limitations of the hardware. Thus, the solution privileged by researchers is the use of network-based intrusion detection systems (N-IDS). One of the issues that many researchers encounter is how to validate and evaluate their N-IDS. Having access to a real and large automation system for experimentation is almost impossible as companies are not inclined to give access to their systems due to obvious concerns. The few public traffic datasets that could be used for off-line experiments are either synthetic or collected at small testbeds. In this paper, we will describe and characterize a public traffic dataset collected at the HVAC management system of a university campus. Although the dataset contains only packet headers, we believe that it can help researchers, in particular designers of flow-based IDS, to validate their solutions under more realistic conditions. The traces can be found on https://github.com/gkabasele/HVAC_Traces

    Intrusion detection in industrial networks: Experimental evaluation of machine learning algorithms

    Cyber attacks on critical-infrastructure industrial systems are a present-day reality, and their consequences pose a risk to business continuity, the economy and the well-being of the population. In this context, this work presents an analysis of implementations of intrusion detection systems for industrial systems and an experimental evaluation of a set of algorithms used in such systems, applying a dataset obtained from a critical-infrastructure industrial system. The analysis emphasises issues such as the algorithms and evaluation datasets used, training parameters, attacks tested and evaluation metrics. The experimental evaluation is carried out on a set of nine machine learning algorithms using a dataset with seven types of cyber attack on the network of a gas-pipeline industrial system in which the Modbus communication protocol is used for supervision and control. The experimental results showed that decision-tree-based algorithms yield the best classification results for the F1-Score metric.

    XXIII Workshop agentes y sistemas inteligentes (WASI); Red de Universidades con Carreras en Informátic

    Adaptive anomaly detection system based on machine learning algorithms in an industrial control environment

    Technology has become an integral part of contemporary society. The current transition from an industrial society to an information society is accompanied by the implementation of new technologies in every part of human activity. Increasing pressure to apply ICT in critical infrastructure resulted in the creation of new vulnerabilities. Traditional safety approaches are ineffective in a considerable number of cases. Therefore, machine learning is another evolutionary step that provides robust solutions for extensive and sophisticated systems. The article focuses on cybersecurity research for industrial control systems that are widely used in the field of critical information infrastructure. Moreover, cybernetic protection for industrial control systems is one of the most important security types for a modern state. We present an adaptive solution for defense against cyber-attacks, which also considers the specifics of the industrial control systems environment. Moreover, the experiments are based on four machine learning algorithms (artificial neural network, recurrent neural network LSTM, isolation forest, and algorithm OCSVM). The proposed anomaly detection system utilizes multiple techniques and processes as preprocessing techniques, optimization techniques, and processes required for result interpretation. These procedures allow the creation of an adaptable and robust system that meets the need for industrial control systems.

    © 2021 The Authors. Ministry of the Interior of the Czech Republic [VI20192022151]; UIUI A.I.Lab at the Faculty of Applied Informatics, Tomas Bata University in Zlin; project "e-Infrastruktura CZ" (e-INFRA) [LM2018140]; Ministerstvo Vnitra České Republiky: VI2019202215