A modified densenet approach with nearmiss for anomaly detection in industrial control systems

  • 1200: Machine Vision Theory and Applications for Cyber Physical Systems
Multimedia Tools and Applications

Abstract

The safety of Industrial Control Systems (ICSs) is of vital importance, especially for critical infrastructures (CIs), whose damage causes economic losses and adversely affects human life. The cyber-attacks on CIs in past years have revealed these negative effects. Moreover, they have led to the conclusion that ICSs are vulnerable to cyber-attacks and that preventive measures should be taken against possible new attacks. This paper presents a modified DenseNet approach with the NearMiss (NM) undersampling technique to detect anomalies in a small-scale ICS commonly used to test anomaly detection approaches. The small-scale ICS used is the Secure Water Treatment (SWaT) testbed. To deal with the class imbalance problem of the SWaT dataset, the NM undersampling technique is employed and samples in the majority class are deleted. Several modified DenseNet architectures are evaluated using k-fold cross validation, and comprehensive experiments are conducted on the SWaT dataset. The performance of the proposed anomaly detection approach is compared to state-of-the-art studies. The experimental results show that the proposed modified DenseNet architecture identifies anomalies that occurred because of the injected attacks with a lower false positive rate and a higher precision score than previous studies. Moreover, the advantage of the proposed approach over the other state-of-the-art studies is that it detects all injected attack types with improved precision, recall and F1-score rates of 1, 0.9997 and 0.9999, respectively.
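
The NearMiss undersampling step described in the abstract, as an added example that is not the paper's code. It assumes the NearMiss-1 variant (the abstract does not say which variant is used), label 0 for normal and 1 for attack, and constructed two-feature sensor readings rather than SWaT data.

```python
import math

def nearmiss1(X, y, majority=0, minority=1, k=3):
    """Return the sorted row indices kept after NearMiss-1 undersampling.

    NearMiss-1 keeps the majority samples whose mean distance to their
    k nearest minority samples is smallest, until both classes have the
    same size. Every minority sample is kept.
    """
    maj = [i for i, label in enumerate(y) if label == majority]
    mino = [i for i, label in enumerate(y) if label == minority]
    if not mino:
        raise ValueError("no minority samples to balance against")
    if len(maj) <= len(mino):
        return sorted(maj + mino)  # already balanced, nothing to delete
    k = min(k, len(mino))

    def score(i):
        # Mean Euclidean distance to the k closest minority samples.
        dists = sorted(math.dist(X[i], X[j]) for j in mino)
        return sum(dists[:k]) / k

    # Ties are broken by index so the result is deterministic.
    kept_majority = sorted(maj, key=lambda i: (score(i), i))[:len(mino)]
    return sorted(kept_majority + mino)

# Constructed sample: six "normal" rows and two "attack" rows.
SAMPLE_X = [
    (0.0, 0.0), (0.1, 0.2), (5.0, 5.0),
    (0.9, 1.0), (4.0, 4.5), (1.0, 1.1),   # normal (label 0)
    (1.2, 1.0), (1.0, 1.3),               # attack (label 1)
]
SAMPLE_Y = [0, 0, 0, 0, 0, 0, 1, 1]

if __name__ == "__main__":
    kept = nearmiss1(SAMPLE_X, SAMPLE_Y, k=2)
    print("kept rows:", kept)
    print("labels   :", [SAMPLE_Y[i] for i in kept])
```

Only the majority rows closest to the attack rows survive, so the deleted normal samples are the ones farthest from the class boundary.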

Notes

  1. http://itrust.sutd.edu.sg/itrust-labs-home/itrust-labs_swat/

  2. http://itrust.sutd.edu.sg/research/datasets

Corresponding author

Correspondence to Selen Ayas.

About this article

Cite this article

Ayas, S., Ayas, M.S. A modified densenet approach with nearmiss for anomaly detection in industrial control systems. Multimed Tools Appl 81, 22573–22586 (2022). https://doi.org/10.1007/s11042-021-11618-0

  • DOI: https://doi.org/10.1007/s11042-021-11618-0
