Deep Learning is emerging as an effective technique to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). The conventional detection approach is to learn the “normal” behaviour of the system, to be then able to label noteworthy deviations from it as anomalies. However, the normal behaviour of ICSs continuously evolves over time for multiple reasons, such as update/replacement of devices, workflow modifications or others. As a consequence, the accuracy of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This article presents DAICS , a novel deep learning framework with a modular design to fit in large ICSs. The key component of the framework is a 2-branch neural network that learns the changes in the ICS behaviour with a small number of data samples and a few gradient updates. This is supported by an automatic tuning mechanism of the detection threshold that takes into account the changes in the prediction error under normal operating conditions. In this regard, no specialised human intervention is needed to update the other parameters of the system. DAICS has been evaluated using publicly available datasets and shows an increased detection rate and accuracy compared to state-of-the-art approaches, as well as higher robustness to additive noise.
DAICS: A Deep Learning Solution for Anomaly Detection in Industrial Control Systems / Abdelaty, Maged Fathy; Doriguzzi Corin, Roberto; Siracusa, Domenico. - In: IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING. - ISSN 2168-6750. - 2022, 10:2(2022), pp. 1117-1129. [10.1109/TETC.2021.3073017]
DAICS: A Deep Learning Solution for Anomaly Detection in Industrial Control Systems
Abdelaty, Maged Fathy;Siracusa, Domenico
2022-01-01
Abstract
Deep Learning is emerging as an effective technique to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). The conventional detection approach is to learn the “normal” behaviour of the system, to be then able to label noteworthy deviations from it as anomalies. However, the normal behaviour of ICSs continuously evolves over time for multiple reasons, such as update/replacement of devices, workflow modifications or others. As a consequence, the accuracy of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This article presents DAICS , a novel deep learning framework with a modular design to fit in large ICSs. The key component of the framework is a 2-branch neural network that learns the changes in the ICS behaviour with a small number of data samples and a few gradient updates. This is supported by an automatic tuning mechanism of the detection threshold that takes into account the changes in the prediction error under normal operating conditions. In this regard, no specialised human intervention is needed to update the other parameters of the system. DAICS has been evaluated using publicly available datasets and shows an increased detection rate and accuracy compared to state-of-the-art approaches, as well as higher robustness to additive noise.| File | Dimensione | Formato | |
|---|---|---|---|
|
DAICS-early-access-ieee.pdf
Solo gestori archivio
Tipologia:
Post-print referato (Refereed author’s manuscript)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
634.85 kB
Formato
Adobe PDF
|
634.85 kB | Adobe PDF | Visualizza/Apri |
|
DAICS_A_Deep_Learning_Solution_for_Anomaly_Detection_in_Industrial_Control_Systems.pdf
Solo gestori archivio
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.52 MB
Formato
Adobe PDF
|
1.52 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
