
Anomaly detection for industrial control operations with optimized ABC–SVM and weighted function code correlation analysis

  • Original Research
  • Journal of Ambient Intelligence and Humanized Computing

Abstract

With the trend toward interconnection and interoperability in the Industrial Internet, anomaly detection has become widely recognized and has achieved significant results in industrial cyber security. A crucial open issue, however, is how to extract industrial communication features that describe industrial control operations accurately and comprehensively. Focusing on the function code field of the industrial Modbus/TCP protocol, this paper proposes a novel feature extraction algorithm based on weighted function code correlation, which both indicates the contribution of each single function code within the whole function code sequence and analyzes the correlation between different function codes. To build a serviceable detection engine, a dynamically adjusting ABC–SVM (Artificial Bee Colony–Support Vector Machine) anomaly detection model based on double mutations is also developed to identify abnormal behaviors in industrial control communications. The experimental results show that the proposed feature extraction algorithm effectively reflects changes in function control behavior in industrial control communications, and that the improved ABC–SVM anomaly detection model strengthens detection performance compared with other anomaly detection engines.
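The abstract describes two kinds of feature derived from the Modbus/TCP function code field: the contribution of each single function code to the whole sequence, and the correlation between different function codes. The following Python example is added here to make that idea concrete; it is not the paper's algorithm and does not reproduce its weighting or correlation definitions. It parses the Modbus/TCP MBAP header to recover the function code, computes a weighted per-code contribution vector (the per-code weights are an assumption, chosen so that state-changing write codes count more), builds a transition-probability matrix between consecutive codes as one simple notion of correlation, and shows how a detector could compare a traffic window against a baseline. All frames are constructed for the example, not captured traffic.

```python
"""Illustrative Modbus/TCP function code feature extraction (added example).

Not the paper's algorithm: the weighting scheme and the transition-based
correlation are assumptions chosen for illustration.
"""
import struct
from collections import Counter, defaultdict

# Constructed Modbus/TCP frames (MBAP header + PDU), hex encoded.
# MBAP: transaction id (2 bytes), protocol id (2, must be 0), length (2),
# unit id (1). The first PDU byte after the header is the function code.
BASELINE_FRAMES = [
    bytes.fromhex("000100000006010300000010"),            # FC 0x03 Read Holding Registers
    bytes.fromhex("000200000006010300100010"),            # FC 0x03
    bytes.fromhex("000300000006010600010005"),            # FC 0x06 Write Single Register
    bytes.fromhex("000400000006010300000010"),            # FC 0x03
    bytes.fromhex("000500000006010100000008"),            # FC 0x01 Read Coils
    bytes.fromhex("00060000000B01100000000204000A000B"),  # FC 0x10 Write Multiple Registers
]

# A constructed write-heavy window to compare against the baseline.
WRITE_HEAVY_FRAMES = [
    bytes.fromhex("00070000000B01100000000204000A000B"),  # FC 0x10
    bytes.fromhex("00080000000B01100000000204000A000B"),  # FC 0x10
    bytes.fromhex("00090000000B01100000000204000A000B"),  # FC 0x10
    bytes.fromhex("000A00000006010600010005"),            # FC 0x06
]

# Assumed importance weights: codes that change process state count double.
WRITE_WEIGHTS = {0x06: 2.0, 0x10: 2.0}


def parse_function_code(frame: bytes) -> int:
    """Return the function code of one Modbus/TCP frame after validating the MBAP header."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The length field counts everything after itself: unit id + PDU.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    return frame[7]


def function_code_sequence(frames):
    """Ordered list of function codes, one per frame."""
    return [parse_function_code(f) for f in frames]


def weighted_contribution(seq, weights=None):
    """Share of each code in the sequence, scaled by its weight and renormalised to sum to 1."""
    weights = weights or {}
    counts = Counter(seq)
    raw = {fc: counts[fc] / len(seq) * weights.get(fc, 1.0) for fc in counts}
    total = sum(raw.values())
    return {fc: v / total for fc, v in raw.items()}


def code_correlation(seq):
    """Transition probabilities P(next = g | current = f) between consecutive codes."""
    transitions = defaultdict(Counter)
    for f, g in zip(seq, seq[1:]):
        transitions[f][g] += 1
    return {f: {g: n / sum(c.values()) for g, n in c.items()}
            for f, c in transitions.items()}


def l1_distance(a, b):
    """L1 distance between two contribution vectors; missing codes count as 0."""
    keys = set(a) | set(b)
    return sum(abs(a.get(k, 0.0) - b.get(k, 0.0)) for k in keys)


def window_deviation(baseline_frames, window_frames, weights=None):
    """Distance of a traffic window's contribution vector from the baseline's."""
    base = weighted_contribution(function_code_sequence(baseline_frames), weights)
    win = weighted_contribution(function_code_sequence(window_frames), weights)
    return l1_distance(base, win)


if __name__ == "__main__":
    seq = function_code_sequence(BASELINE_FRAMES)
    print("sequence:", [hex(fc) for fc in seq])
    print("contribution:", weighted_contribution(seq, WRITE_WEIGHTS))
    print("correlation:", code_correlation(seq))
    print("write-heavy window deviation:",
          window_deviation(BASELINE_FRAMES, WRITE_HEAVY_FRAMES, WRITE_WEIGHTS))
```

A detector such as the ABC–SVM described in the abstract would consume the flattened contribution vector and correlation matrix as its input features; the L1 distance here is only a stand-in to show that a write-dominated window separates clearly from the read-dominated baseline.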



Acknowledgements

This work is supported by the National Natural Science Foundation of China (Grant No. 61702439), and the Natural Science Foundation of Liaoning Province (Grant No. 2019-MS-149).

Corresponding author

Correspondence to Kai Wang.


Cite this article

Wan, M., Li, J., Wang, K. et al. Anomaly detection for industrial control operations with optimized ABC–SVM and weighted function code correlation analysis. J Ambient Intell Human Comput 13, 1383–1396 (2022). https://doi.org/10.1007/s12652-020-02636-1
