ICS cyber attack detection with ensemble machine learning and DPI using cyber-Kit datasets
Main Authors: | , , , |
---|---|
Format: | Conference or Workshop Item |
Language: | English |
Published: | IEEE, 2021 |
Subjects: | |
Online Access: | http://irep.iium.edu.my/90597/7/90597_ICS%20Cyber%20Attack%20Detection%20with%20Ensemble%20Machine_schedule.pdf http://irep.iium.edu.my/90597/13/90597_ICS%20Cyber%20Attack%20Detection%20with%20Ensemble%20Machine%20Learning%20and%20DPI%20using%20Cyber-kit%20Datasets_Scopus.pdf http://irep.iium.edu.my/90597/14/90597_ICS%20Cyber%20Attack%20Detection%20with%20Ensemble%20Machine%20Learning.pdf http://irep.iium.edu.my/90597/ https://ieeexplore-ieee-org.ezlib.iium.edu.my/document/9467162 |
Institution: | Universiti Islam Antarabangsa Malaysia |
Summary: | Digitization has pioneered to drive exceptional
changes across all industries in the advancement of analytics, automation, and Artificial
Intelligence (AI) and Machine Learning (ML). However, new business requirements
associated with the efficiency benefits of digitalization are forcing increased connectivity
between IT and OT networks, thereby increasing the attack surface and hence the cyber risk.
Cyber threats are on the rise and securing industrial networks is challenging with the
shortage of human resources in the OT field, with more inclination to IT/OT convergence and the
attackers deploy various hi-tech methods to intrude the control systems nowadays. We have
developed an innovative real-time ICS cyber test kit to obtain the OT industrial network
traffic data with various industrial attack vectors. In this paper, we have introduced
the industrial datasets generated from ICS test kit, which incorporate the
cyber-physical system of industrial operations. These datasets with a normal baseline along with
different industrial hacking scenarios are analyzed for research purposes. Metadata is
obtained from Deep packet inspection (DPI) of flow properties of network packets. DPI analysis
provides more visibility into the contents of OT traffic based on communication protocols. The
advancement in technology has led to the utilization of machine learning/artificial intelligence
capability in IDS ICS SCADA. The industrial datasets are pre-processed, profiled and the
abnormality is analyzed with DPI. The processed metadata is normalized for the easiness of
algorithm analysis and modelled with machine learning-based latest deep learning
ensemble LSTM algorithms for anomaly detection. The deep learning approach has been used
nowadays for enhanced OT IDS performances. |
---|