Abstract
The safety of Industrial Control Systems (ICSs) is vitally important, especially for critical infrastructures (CIs), where damage causes economic losses and adversely affects human life. Cyber-attacks on CIs in past years have revealed these negative effects and led to the conclusion that ICSs are vulnerable to cyber-attacks and that preventive measures should be taken against possible new attacks. This paper presents a modified DenseNet approach with the NearMiss (NM) undersampling technique to detect anomalies in a small-scale ICS commonly used to test anomaly detection approaches, known as the Secure Water Treatment (SWaT) testbed. To deal with the class imbalance problem of the SWaT dataset, the NM undersampling technique is employed and samples in the majority class are deleted. Several modified DenseNet architectures are evaluated using k-fold cross-validation, and comprehensive experiments are conducted on the SWaT dataset. The performance of the proposed anomaly detection approach is compared to state-of-the-art studies. The experimental results show that the proposed modified DenseNet architecture identifies anomalies caused by the injected attacks with a lower false positive rate and a high precision score compared to previous studies. Moreover, the advantage of the proposed approach over the other state-of-the-art studies is that it detects all injected attack types with improved precision, recall and F1-score of 1, 0.9997 and 0.9999, respectively.
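The undersampling step named in the abstract, as an added example that is not the authors' code: it assumes the NearMiss-1 variant (the abstract does not say which version was used), Euclidean distance, and a small constructed set of two-feature readings in place of SWaT data.

```python
import math

def near_miss_1(majority, minority, k=3, n_keep=None):
    """NearMiss-1: keep the n_keep majority samples whose mean distance
    to their k nearest minority samples is smallest; delete the rest."""
    if not minority:
        raise ValueError("NearMiss needs at least one minority sample")
    k = min(k, len(minority))
    # Default target: as many majority samples as there are minority samples.
    n_keep = len(minority) if n_keep is None else n_keep
    scored = []
    for idx, x in enumerate(majority):
        dists = sorted(math.dist(x, m) for m in minority)
        scored.append((sum(dists[:k]) / k, idx))
    scored.sort()  # ties fall back to original index, so the result is deterministic
    kept = sorted(idx for _, idx in scored[:n_keep])
    return [majority[i] for i in kept]

# Constructed sample: (tank level, flow rate) pairs scaled to [0, 1]; not SWaT data.
NORMAL = [(0.50, 0.50), (0.52, 0.49), (0.48, 0.51), (0.10, 0.10),
          (0.12, 0.08), (0.70, 0.72), (0.90, 0.15), (0.55, 0.58),
          (0.05, 0.95), (0.60, 0.62)]
ATTACK = [(0.75, 0.78), (0.80, 0.80), (0.78, 0.74)]

def balanced_training_set(k=3):
    """Return (features, label) pairs with label 1 = attack, 0 = normal."""
    kept = near_miss_1(NORMAL, ATTACK, k=k)
    return [(x, 0) for x in kept] + [(x, 1) for x in ATTACK]

if __name__ == "__main__":
    data = balanced_training_set()
    n_normal = sum(1 for _, y in data if y == 0)
    print(f"normal samples before: {len(NORMAL)}, after: {n_normal}")
    for x, y in data:
        print(x, "attack" if y else "normal")
```

NearMiss keeps the normal samples that sit closest to the attack samples, so the classifier trains on the hardest part of the boundary. Resample only the training folds; an undersampled test fold changes the class ratio against which precision and false positive rate are measured.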
Notes
http://itrust.sutd.edu.sg/itrust-labs-home/itrust-labs_swat/
http://itrust.sutd.edu.sg/research/datasets
Cite this article
Ayas, S., Ayas, M.S. A modified densenet approach with nearmiss for anomaly detection in industrial control systems. Multimed Tools Appl 81, 22573–22586 (2022). https://doi.org/10.1007/s11042-021-11618-0
DOI: https://doi.org/10.1007/s11042-021-11618-0