Deep Neural Networks are emerging as effective techniques to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). In general, these techniques focus on learning a “normal” behavior of the system, to be then able to label noteworthy deviations from it as anomalies. However, during operations, ICSs inevitably and continuously evolve their behavior, due to, e.g., replacement of devices, workflow modifications, or other reasons. As a consequence, the quality of the anomaly detection process may be dramatically affected, with a considerable amount of false alarms being generated. This paper presents AADS (Adaptive Anomaly Detection in industrial control Systems), a novel framework based on neural networks and greedy algorithms that tailors the learning-based anomaly detection process to the changing nature of ICSs. AADS efficiently adapts a pre-trained model to learn new changes in the system behavior with a small number of data samples (i.e., time steps) and a few gradient updates. The performance of AADS is evaluated using the Secure Water Treatment (SWaT) dataset, and its sensitivity to additive noise is investigated. Our results show an increased detection rate compared to state-of-the-art approaches, as well as more robustness to additive noise.

AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems / Abdelaty, Maged; Doriguzzi-Corin, Roberto; Siracusa, Domenico. - Electronic. - 11999:(2020), pp. 53-70. (Paper presented at the 21st International Conference, ICICS 2019, held in Beijing, China, December 15–17, 2019) [10.1007/978-3-030-41579-2_4].

AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems

Abdelaty, Maged; Siracusa, Domenico
2020-01-01

21st International Conference, ICICS 2019, Beijing, China, December 15–17, 2019
Switzerland
Springer International Publishing
978-3-030-41578-5
978-3-030-41579-2
Abdelaty, Maged; Doriguzzi-Corin, Roberto; Siracusa, Domenico
Use this identifier to cite or link to this document: https://hdl.handle.net/11572/256549