Abstract
The security landscape in industrial settings has completely changed in the last decades. From the initial primitive setups, industrial networks have evolved into massively interconnected environments, thus developing the Industrial Internet of Things (IIoT) paradigm. In IIoT, multiple heterogeneous devices collaborate by collecting, sending and processing data. These data-driven environments have made it possible to develop added-value services based on data that improve industrial process operation. However, it is necessary to audit incoming data to determine that decisions are made based on correct data. In this chapter, we present an IIoT Anomaly Detection System (ADS) that audits the integrity and veracity of the data received from incoming connections. To this end, the ADS includes field data (physical qualities based on data) and connection metadata (interval between incoming connections and packet size) in the same anomaly detection model. The approach is based on Multivariate Statistical Process Control and has been validated using data from a real water distribution plant.
Notes
- 1. Normalized to zero mean and unit variance.
Acknowledgements
This work has been developed by the intelligent systems for industrial systems group supported by the Department of Education, Language Policy and Culture of the Basque Government. This work has been partially funded by the European Union's Horizon 2020 research and innovation programme project PROPHESY, under Grant Agreement no. 766994, and the Basque Government's Economic Development and Infrastructure department's Elkartek program project Cyberprest under agreement KK-2018/00076. Author Iñaki Garitano is partially supported by the INCIBE grant "INCIBEC-2015-02495" corresponding to the "Ayudas para la Excelencia de los Equipos de Investigación avanzada en ciberseguridad".
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Garitano, I., Iturbe, M., Ezpeleta, E., Zurutuza, U. (2019). Who’s There? Evaluating Data Source Integrity and Veracity in IIoT Using Multivariate Statistical Process Control. In: Alcaraz, C. (eds) Security and Privacy Trends in the Industrial Internet of Things. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-12330-7_9
DOI: https://doi.org/10.1007/978-3-030-12330-7_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12329-1
Online ISBN: 978-3-030-12330-7
eBook Packages: Computer Science, Computer Science (R0)