Browse > Article
http://dx.doi.org/10.13089/JKIISC.2021.31.3.401

Abnormal Detection for Industrial Control Systems Using Ensemble Recurrent Neural Networks Model  

Kim, HyoSeok (Interdisciplinary Program of Information Security, Chonnam National University)
Kim, Yong-Min (Dept. of Electronic Commerce, Chonnam National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.31, no.3, 2021 , pp. 401-410 More about this Journal
Abstract
Recently, as cyber attacks targeting industrial control systems increase, various studies are being conducted on the detection of abnormalities in industrial processes. Considering that the industrial process is deterministic and regular, It is appropriate to determine abnormality by comparing the predicted value of the detection model from which normal data is trained and the actual value. In this paper, HAI Datasets 20.07 and 21.03 are used. In addition, an ensemble model is created by combining models that have applied different time steps to Gated Recurrent Units. Then, the detection performance of the single model and the ensemble recurrent neural networks model were compared through various performance evaluation analysis, and It was confirmed that the proposed model is more suitable for abnormal detection in industrial control systems.
Keywords
Abnormal Detection; Time Series Data; RNN; ICS; HAI Dataset;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Jonguk Kim, Jeong-Han Yun and Hyoung Chun Kim, "Anomaly Detection for Industrial Control Systems Using Sequence-to-Sequence Neural Networks," Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems(CyberICPS 2019) in conjunction with ESORICS 2019, Nov, 2019
2 antoine-lemay Github, "SCADA network datasets", https://github.com/antoine-lemay/Modbus_dataset (last accessed 15-Nov-2020)
3 Dan Li, Dacheng Chen, Jonathan Goh and See-kiong Ng, "Anomaly Detection with Generative Adversarial Networks for Multivariate Time Series," International Workshop on Big Data, Streams and Heterogeneous Source Mining: Algorithms, Systems, Programming Models and Applications, Jan, 2019
4 Hyuk-ki Shin, Womyo Le, Jeong-Han Yun, and Hyoungchun Kim, "HAI 1.0: HIL-based Augmented ICS Security Dataset," 13th USENIX Workshop on Cyber Security Experimentation and Test, 2020
5 Choi Seungoh and Kim Woo-Nyon, "Cyber-Physical System TestBed Technology Research Trend," Jonornal of The Korea Institute of information Security & Cryptology, 27(2), pp. 46-56, Apr. 2017
6 Kwon Sungmoon and Shon Taeshik, "SWaT testbed dataset and Abnormal Detection Trend," Jonornal of The Korea Institute of information Security & Cryptology, 29(2), pp. 29-35, Apr. 2019
7 Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams and Adam Hahn, Guide to Industrial Control System Security, NIST SP 800-82, May. 2015
8 ICS(Industrial Control System) Security Dataset Github, "HIL-based Augmented ICS(HAI) Security Dataset", https://github.com/icsdataset/hai (last accessed 01-Apr-2021)
9 Won-seok Hwang, Jeong-Han Yun, Jonguk Kim, and Hyoungchun Kim, "Time-Series Aware Precision and Recall for Anomaly Detection-Considering Variety of Detection Result and Adresing Ambiguous Labeling," CIKM'19: Procedings of the 28th ACM International Conference on Information and Knowledge Management, 2019
10 Moshe Kravchik and Asaf Shabtai, "Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks," Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, Dec, 2018
11 Simon Duque Anton, Lia Ahrens, Daniel Fraunholz and Hans Dieter Schotten, "Time is of the Essence: Machine Learning-Based Intrusion Detection in Industrial Time Series Data," 2018 IEEE International Conference on Data Mining Workshops (ICDMW), Nov, 2018
12 Xingchao Bian, "Detecting Anomalies in Time-Series Data using Unsupervised Learning and Analysis on Infrequent," Journal of Institute of Korean Electrical and Electronics Engineers, 24(4), pp. 1011-1016, Dec. 2020
13 Julien Audibert, Pietro Michiardi, Frederic Guyard, Sebastien Marti and Maria A Zuluaga, "USAD: UnSupervised Anomaly Detection on Multivariate Time Series," Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, Aug. 2020.
14 Mokhtari S, Abbaspour A, Yen KK and Sargolzaei A, "A Machine Learning Approach for Anomaly Detection in Industrial Control Systems Based on Measurement Data," Electronics. 10(4), Feb. 2021
15 iTrust Labs_Dataset Info - iTrust, "Secure Water Treatment (SWaT)", https://itrust.sutd.edu.sg/itrust-labs_datasets/dataset_info/ (last accessed 15-Nov-2020)
16 Jonathan Goh, Sridhar Adepu, Marcus Tan and Lee Zi Shan, "Anomaly Detection in Cyber Physical Systems Using Recurrent Neural Networks," 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), Jan, 2017
17 Doyeon Kim, Chanwoong Hwang, and Taejin Lee, "Stacked-Autoencoder Based Anomaly Detection with Industrial Control System," Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing. SNPD 2021. Studies in Computational Intelligence, vol. 951, pp. 181-191, Feb. 2021
18 Nahyeon Ryu, Hyungseok Kim and Pilsung Kang, "Evaluating Variable Selection Techniques for Multivariate Linear Regression," Journal of the Korean Institute of Industrial Engineers, 42(5), pp. 314-326, Oct, 2016   DOI
19 Google Colaboratory, "Colab Pro", https://colab.research.google.com/notebooks/pro.ipynb (last accessed 01-Apr-2021)
20 Ilya Loshchilov and Frank Hutter, "Decoupled weight decay regularization," In International Conference on Learning Representations(ICLR), Jan, 2019
21 Kyunghyun Cho, Bart van Merrienboer, Caglar Gulcehre, Dzmitry Bahdanau, Fethi Bougares, Holger Schwenk and Yoshua Bengio, "Learning Phrase Representations using RNN Encoder-Decoder for Statistical Machine Translation," In Proceedings of the Empirical Methods in Natural Language Processing (EMNLP), Sep, 2014