A Self-supervised Sensors’ Anomaly Detection Scheme in Industrial Control Systems based on Ensemble Deep Learning
Armin Salimi-Badr 1 (Shahid Beheshti University)
Athena Abdi 2
Afshin Souzani 3 (Information and Communication Technology Research Institute)
Keywords: Industrial Control System, Anomaly Detection, Deep Learning, Ensemble Learning, Correlation
Abstract:
In this paper, a self-supervised one-class sensors’ anomaly detection approach based on ensemble deep learning is proposed for industrial control systems (ICS). Technological advancements have allowed ICS to connect to the internet to improve the performance of their remote control. Although this connection provides many advantages for ICS, it exposes them to cyber-attacks. Anomaly detection is a prominent means of mitigating faults as well as cyber-attacks. In this context, several anomaly detection methods have been proposed, mainly based on local and short-term analyses of the data. The proposed method employs an ensemble deep learning scheme that simultaneously combines the temporal, spatial, local, and global characteristics captured by the individual detection agents during the prediction process. The detection agents have a homogeneous workflow with heterogeneous prediction structures to consider various characteristics of the input signal. The considered structures of the proposed detection method are based on Long Short-Term Memory, Convolutional Neural Network, and fully connected encoder-decoder schemes. Each unit calculates a normal degree based on the prediction and reconstruction error for the input signal. The normal degree is calculated based on the statistics of the encoder-decoder error, considering the correlations among spatial and temporal features. These structures execute in parallel and send their results to a weighted threshold gate voter to determine the final output. To evaluate the efficiency of the proposed method, several experiments on a simulated ICS are performed, and the results demonstrate an average improvement of 14% in precision compared to related studies.
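The sketch below is an added illustration of the two steps the abstract names, a correlation-aware normal degree and a weighted threshold gate voter; it is not the authors' code. The abstract gives no formulas, so the exp(-d²/2) Mahalanobis form, the two-sensor error pairs, and every weight and threshold here are assumptions.

```python
import math

# Constructed sample: (sensor A, sensor B) prediction errors on attack-free data.
NORMAL_ERRORS = [(0.1, 0.1), (0.2, 0.25), (0.0, -0.05),
                 (-0.1, -0.1), (-0.2, -0.15), (0.15, 0.1)]

def fit_error_stats(errors):
    """Mean and 2x2 sample covariance of the error pairs seen on normal data."""
    n = len(errors)
    if n < 3:
        raise ValueError("need at least 3 error samples")
    m1 = sum(e[0] for e in errors) / n
    m2 = sum(e[1] for e in errors) / n
    s11 = sum((e[0] - m1) ** 2 for e in errors) / (n - 1)
    s22 = sum((e[1] - m2) ** 2 for e in errors) / (n - 1)
    s12 = sum((e[0] - m1) * (e[1] - m2) for e in errors) / (n - 1)
    return (m1, m2), (s11, s12, s22)

def normal_degree(error, stats):
    """Assumed form: exp(-d^2 / 2), d = Mahalanobis distance from normal errors.

    Using the full covariance means an error pair that breaks the usual
    correlation between the two sensors scores low even when each component
    is individually within its normal range.
    """
    (m1, m2), (s11, s12, s22) = stats
    det = s11 * s22 - s12 * s12
    if det <= 1e-12:
        raise ValueError("degenerate covariance; training errors lack variety")
    d1, d2 = error[0] - m1, error[1] - m2
    dist2 = (s22 * d1 * d1 - 2 * s12 * d1 * d2 + s11 * d2 * d2) / det
    return math.exp(-0.5 * dist2)

def weighted_threshold_vote(degrees, weights, agent_thresholds, gate):
    """Flag an anomaly when the summed weight of agents whose normal degree
    falls below their own threshold reaches the gate value."""
    score = sum(w for d, w, t in zip(degrees, weights, agent_thresholds) if d < t)
    return score >= gate, score

if __name__ == "__main__":
    stats = fit_error_stats(NORMAL_ERRORS)
    for err in [(0.15, 0.15), (0.2, -0.2)]:  # second pair breaks the correlation
        print(err, normal_degree(err, stats))
    # Hypothetical degrees reported by the LSTM, CNN and fully connected agents.
    print(weighted_threshold_vote([0.01, 0.4, 0.02], [0.5, 0.3, 0.2], [0.05] * 3, 0.5))
```

In a deployment each agent would fit its own statistics on its own errors, and the weights would typically reflect each agent's validation performance.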