Abstract
The importance of cyber security has increased with the networked and highly complex structure of computer systems, and the increased value of information. Traditionally, control systems did not use networked communication systems. So, the cyber security was not important for the control systems. The networked control systems such as an intelligent distribution network system are appearing, and the cyber security will become very important for the control systems in the near future. However, we have few actual cyber attacks against the control systems. The intrusion detection should be developed by using only normal control system communication. In this paper, we compare conditional random field-based intrusion detection with the other probabilistic models-based intrusion detection. These methods use the sequence characteristics of network traffic in the control system communication. The learning only utilizes normal network traffic data, assuming that there is no prior knowledge on attacks in the system. We applied these two probabilistic models to intrusion detection in DARPA data and an experimental control system network and compared the differences in the performance.
Similar content being viewed by others
References
National Security Agency: Defense in depth: a practical strategy for achieving information assurance in today’s highly networked environments. http://www.nsa.gov/ia/_files/support/defenseindepth
SANS Institute: intrusion detection FAQ. http://www.sans.org/resources/idfaq
Cheung S, Dutertre B, Fong M, Lindqvist U, Skinner K, Valdes A (2007) Using model-based intrusion detection for SCADA networks. In: Proceedings of the SCADA security scientific symposium 2007
Moran B, Belisle R (2008) Modeling flow information and other control system behavior to detect anomalies. In: Proceedings of the SCADA security scientific symposium 2008
Kiuchi M, Serizawa Y (2009) Security technologies. Usage and guidelines in SCADA system networks, ICCAS-SICE 2009
Onoda T, Kiuchi M (2012) Analysis of intrusion detection in control system communication based on outlier detection with One-Class classifiers. In: Proceedings of the 19th international conference, ICONIP 2012, Doha, Qatar, November 12–15, 2012, Part V, Volume 7667 of Lecture Notes in Computer Science, pp 275–282
Osareh A, Shadgar B (2008) Intrusion detection in computer networks based on machine learning algorithms. Int J Comput Sci Netw Secur 8(11):15–23
Chandola V, Banerjee A, Kumar V (2007) Outlier detection: a survey. University of Minnesota Technical Report TR 07–017
Jinny SV, Kumari JJ (2015) Encrusted CRF in intrusion detection system. In: Artificial intelligence and evolutionary algorithms in engineering systems. Springer, Berlin, pp 605–613
Lee W, Stolfo S, Mok M (1999) A data mining framework for building intrusion detection model. In: Proceedings of the IEEE symposium on security and privacy, pp 120–132
Jain R, Nasser A(2013) A comparative study of Hidden Markov Model and support vector machine in anomaly intrusion detection. J Internet Technol Secur Trans 2:176–184
Alocious C, Abouzakhar N, Xiao H, Christianson B (2014) Intrusion detection system using Bayesian network modeling. In: 13th European conference on information warfare and security ECCWS 2014, pp 223–232
Rabiner LR (1989) A tutorial on Hidden Markov models and selected applications in speech recognition. Proc IEEE 77(2):257–285
Baum T, Petrie G, Soules N (1970) Weiss: a maximization technique occurring in the statistical analysis of probabilistic functions of markov chains. Ann Math Stat 41(1):164–171
Lafferty J, McCallum A, Pereira F (2001) Conditional random fields: probabilistic models for segmenting and labeling sequence data. In: International conference on machine learning
CRF++: Yet another CRF toolkit. http://crfpp.sourceforge.net/
Lippmann RP, Haines JW, Fried DJ, Korba J, Das K (2000) The 1999 DARPA off-line intrusion detection evaluation. Comput Netw 34:579–595
DARPA: Intrusion detection evaluation data-set. http://www.ll.mit.edu/mission/communications/ist/CST/index.html
Zhang D, Leckie C (2006) An evaluation technique for network intrusion detection systems. In: InfoScale ’06 proceedings of the 1st international conference on scalable information systems, 2006
Kiuchi M, Ohba E, Serizawa Y (2009) Customizing control system intrusion detection at the application layer. In: Proceedings of the SCADA security scientific symposium 2009
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Onoda, T. Probabilistic models-based intrusion detection using sequence characteristics in control system communication. Neural Comput & Applic 27, 1119–1127 (2016). https://doi.org/10.1007/s00521-015-1984-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00521-015-1984-y