
Probabilistic models-based intrusion detection using sequence characteristics in control system communication

  • EANN
Neural Computing and Applications

Abstract

The importance of cyber security has increased with the networked and highly complex structure of computer systems and the increased value of information. Traditionally, control systems did not use networked communication, so cyber security was not important for them. Networked control systems, such as intelligent distribution network systems, are now appearing, and cyber security will become very important for control systems in the near future. However, we have few examples of actual cyber attacks against control systems, so intrusion detection should be developed using only normal control system communication. In this paper, we compare conditional random field-based intrusion detection with other probabilistic model-based intrusion detection. These methods use the sequence characteristics of network traffic in control system communication. Learning uses only normal network traffic data, assuming that there is no prior knowledge of attacks on the system. We applied these two probabilistic models to intrusion detection on DARPA data and on an experimental control system network and compared the differences in performance.



Corresponding author

Correspondence to Takashi Onoda.


Cite this article

Onoda, T. Probabilistic models-based intrusion detection using sequence characteristics in control system communication. Neural Comput & Applic 27, 1119–1127 (2016). https://doi.org/10.1007/s00521-015-1984-y


  • DOI: https://doi.org/10.1007/s00521-015-1984-y
