Abstract
Industrial Control Systems (ICSs), one type of Operational Technology (OT), play an essential role in monitoring and controlling critical infrastructures such as power plants, smart grids, oil and gas industries, and transportation. To maintain the security of ICSs against cyber-attacks, they were placed on isolated communication networks, where they were relatively obscure and unknown to most attackers. The integration of the Internet of Things (IoT) into ICSs opens up the possibility of remote monitoring, access, and control of the critical infrastructure (CI), leading to more agile and efficient systems. This is called the Industrial Internet of Things (IIoT). However, this integration increases the vulnerability of ICSs to cyber-attacks. Given the IIoT and ICS environment, a compromise of the system may lead to severe danger to human life or the environment. The growing number of cyber-attacks against IIoT in recent years raises significant concern about proper and timely security solutions for these systems. Moreover, due to the differences between IT and OT networks, IT cyber-security tools and systems are not suitable for IIoT. These differences include network protocols and types of assets. In addition, in IT networks the main focus is on managing network throughput, while OT focuses on reliability and punctuality. In this chapter, cyber-attack detection in IIoT using Machine Learning (ML) techniques is discussed, and an unsupervised deep representation learning approach is proposed to handle imbalanced IIoT data. The new representation is evaluated using seven IIoT datasets and compared with six other ML techniques in terms of accuracy, precision, recall, and f-measure.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Jahromi, A.N., Karimipour, H., Dehghantanha, A., Parizi, R.M. (2021). Deep Representation Learning for Cyber-Attack Detection in Industrial IoT. In: Karimipour, H., Derakhshan, F. (eds) AI-Enabled Threat Detection and Security Analysis for Industrial IoT. Springer, Cham. https://doi.org/10.1007/978-3-030-76613-9_8
DOI: https://doi.org/10.1007/978-3-030-76613-9_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-76612-2
Online ISBN: 978-3-030-76613-9
eBook Packages: Computer Science, Computer Science (R0)