Deep Neural Networks are emerging as effective techniques to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). In general, these techniques focus on learning a “normal” behavior of the system, to be then able to label noteworthy deviations from it as anomalies. However, during operations, ICSs inevitably and continuously evolve their behavior, due to e.g., replacement of devices, workflow modifications, or other reasons. As a consequence, the quality of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This paper presents AADS (Adaptive Anomaly Detection in industrial control Systems), a novel framework based on neural networks and greedy-algorithms that tailors the learning-based anomaly detection process to the changing nature of ICSs. AADS efficiently adapts a pre-trained model to learn new changes in the system behavior with a small number of data samples (i.e., time steps) and a few gradient updates. The performance of AADS is evaluated using the Secure Water Treatment (SWaT) dataset, and its sensitivity to additive noise is investigated. Our results show an increased detection rate compared to state of the art approaches, as well as more robustness to additive noise.

AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems / Abdelaty, Maged; Doriguzzi-Corin, Roberto; Siracusa, Domenico. - ELETTRONICO. - 11999:(2020), pp. 53-70. (Intervento presentato al convegno 21st International Conference on Information and Communications Security, ICICS 2019 tenutosi a Beijing, China nel 15–17 December , 2019) [10.1007/978-3-030-41579-2_4].

AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems

Abdelaty, Maged
;
Siracusa, Domenico
2020-01-01

Abstract

Deep Neural Networks are emerging as effective techniques to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). In general, these techniques focus on learning a “normal” behavior of the system, to be then able to label noteworthy deviations from it as anomalies. However, during operations, ICSs inevitably and continuously evolve their behavior, due to e.g., replacement of devices, workflow modifications, or other reasons. As a consequence, the quality of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This paper presents AADS (Adaptive Anomaly Detection in industrial control Systems), a novel framework based on neural networks and greedy-algorithms that tailors the learning-based anomaly detection process to the changing nature of ICSs. AADS efficiently adapts a pre-trained model to learn new changes in the system behavior with a small number of data samples (i.e., time steps) and a few gradient updates. The performance of AADS is evaluated using the Secure Water Treatment (SWaT) dataset, and its sensitivity to additive noise is investigated. Our results show an increased detection rate compared to state of the art approaches, as well as more robustness to additive noise.
2020
Information and Communications Security.
GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND
SPRINGER INTERNATIONAL PUBLISHING AG
978-3-030-41578-5
978-3-030-41579-2
Abdelaty, Maged; Doriguzzi-Corin, Roberto; Siracusa, Domenico
AADS: A Noise-Robust Anomaly Detection Framework for Industrial Control Systems / Abdelaty, Maged; Doriguzzi-Corin, Roberto; Siracusa, Domenico. - ELETTRONICO. - 11999:(2020), pp. 53-70. (Intervento presentato al convegno 21st International Conference on Information and Communications Security, ICICS 2019 tenutosi a Beijing, China nel 15–17 December , 2019) [10.1007/978-3-030-41579-2_4].
File in questo prodotto:
File Dimensione Formato  
AADS_ICICS_2019_paper.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 502.26 kB
Formato Adobe PDF
502.26 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/256549
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 3
  • OpenAlex ND
social impact