Anomaly Detection in Cyber-Physical Systems Using Machine Learning

  • Hossein Mohammadi Rouzbahani
  • Hadis Karimipour
  • Abolfazl Rahimnejad
  • Ali Dehghantanha
  • Gautam Srivastava
Chapter

Abstract

Cyber-Physical Systems (CPSs) are characterized by a wide range of complex, multi-tasking components whose close interaction integrates cyber sections into the physical world. With the significant growth of CPSs and the widespread use of smart features and communication tools, new challenges have emerged. A new generation of CPSs, such as the smart grid, faces different vulnerabilities and many threats and attacks. Therefore, the most important challenges for these systems are security and privacy. Anomaly detection is an important data analysis task and one of the approaches to CPS security. Because different anomaly detection methods have been presented, it is difficult to compare the advantages and disadvantages of these techniques. In this chapter, Machine Learning (ML) methods for anomaly detection are presented through a case study that demonstrates the effectiveness of ML techniques at classifying False Data Injection (FDI) attacks.

Keywords

Cyber-physical system; Anomaly detection; Machine learning; Smart grids

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. School of Engineering, University of Guelph, Guelph, Canada
  2. Cyber Science Lab, School of Computer Science, University of Guelph, Guelph, Canada
  3. Department of Mathematics and Computer Science, Brandon University, Brandon, Canada
