http://dx.doi.org/10.13089/JKIISC.2022.32.4.691

Research on Data Tuning Methods to Improve the Anomaly Detection Performance of Industrial Control Systems  

JUN, SANGSO (Korea University)
Lee, Kyung-ho (Korea University)
Abstract
As machine learning and deep learning technologies have become common, they have begun to be applied to research on anomaly detection in industrial control systems. In Korea, the HAI dataset was developed and published to promote artificial intelligence research on anomaly detection in industrial control systems, and an AI contest on detecting security threats to industrial control systems is being held. Most anomaly detection studies have aimed to create a learning model with improved performance through the ensemble model method, applied either by modifying an existing deep learning algorithm or by combining it with other algorithms. This study instead sought to improve anomaly detection performance with a post-processing method that detects abnormal data and corrects the labeling results, rather than through the learning algorithm or the data pre-processing process. The results confirmed an improvement of about 10% or more compared to the anomaly detection performance of the existing model.
Keywords
Anomaly Detection; ICS Security; Time Series Data; HAI Dataset; SWaT
Citations & Related Records
Times Cited By KSCI: 1