ICS cyber attack detection with ensemble machine learning and DPI using cyber-Kit datasets

Digitization has pioneered to drive exceptional changes across all industries in the advancement of analytics, automation, and Artificial Intelligence (AI) and Machine Learning (ML). However, new business requirements associated with the efficiency benefits of digital...

Full description

Saved in:
Bibliographic Details
Main Authors: Mubarak, Sinil, Habaebi, Mohamed Hadi, Islam, Md. Rafiqul, Khan, Sheroz
Format: Conference or Workshop Item
Language:English
English
English
Published: IEEE 2021
Subjects:
Online Access:http://irep.iium.edu.my/90597/7/90597_ICS%20Cyber%20Attack%20Detection%20with%20Ensemble%20Machine_schedule.pdf
http://irep.iium.edu.my/90597/13/90597_ICS%20Cyber%20Attack%20Detection%20with%20Ensemble%20Machine%20Learning%20and%20DPI%20using%20Cyber-kit%20Datasets_Scopus.pdf
http://irep.iium.edu.my/90597/14/90597_ICS%20Cyber%20Attack%20Detection%20with%20Ensemble%20Machine%20Learning.pdf
http://irep.iium.edu.my/90597/
https://ieeexplore-ieee-org.ezlib.iium.edu.my/document/9467162
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Islam Antarabangsa Malaysia
Language: English
English
English
Description
Summary:Digitization has pioneered to drive exceptional changes across all industries in the advancement of analytics, automation, and Artificial Intelligence (AI) and Machine Learning (ML). However, new business requirements associated with the efficiency benefits of digitalization are forcing increased connectivity between IT and OT networks, thereby increasing the attack surface and hence the cyber risk. Cyber threats are on the rise and securing industrial networks are challenging with the shortage of human resource in OT field, with more inclination to IT/OT convergence and the attackers deploy various hi-tech methods to intrude the control systems nowadays. We have developed an innovative real-time ICS cyber test kit to obtain the OT industrial network traffic data with various industrial attack vectors. In this paper, we have introduced the industrial datasets generated from ICS test kit, which incorporate the cyber- physical system of industrial operations. These datasets with a normal baseline along with different industrial hacking scenarios are analyzed for research purposes. Metadata is obtained from Deep packet inspection (DPI) of flow properties of network packets. DPI analysis provides more visibility into the contents of OT traffic based on communication protocols. The advancement in technology has led to the utilization of machine learning/artificial intelligence capability in IDS ICS SCADA. The industrial datasets are pre-processed, profiled and the abnormality is analyzed with DPI. The processed metadata is normalized for the easiness of algorithm analysis and modelled with machine learning-based latest deep learning ensemble LSTM algorithms for anomaly detection. The deep learning approach has been used nowadays for enhanced OT IDS performances.