Abstract
Developments and upgrades in industrial information technology, particularly in the information systems that collect and process real-time data, have introduced a large number of new threats. These threats stem primarily from the specific characteristics of these applications: their distinct design specifications, the specialized communication protocols they use and the heterogeneous devices they are required to interconnect. In particular, specialized attacks can take over mechanical control, dynamically rearrange centrifugation or reprogram devices in order to accelerate or slow down their operations. This may result in industrial equipment being totally destroyed or permanently damaged. Cyber-attacks against Industrial Control Systems (ICS), which mainly use Supervisory Control and Data Acquisition (SCADA) combined with Distributed Control Systems and are implemented with Programmable Logic Controllers, are characterized as Advanced Persistent Threats (APT). This paper presents an advanced Spiking One-Class Anomaly Detection Framework (SOCCADF) based on the evolving Spiking Neural Network algorithm. This algorithm implements an innovative application of the One-class classification methodology, since it is trained exclusively with data that characterize the normal operation of ICS and is able to detect divergent behaviors and abnormalities associated with APT attacks.
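The one-class idea in the abstract, as an added sketch that is not the paper's SOCCADF code: a simplified evolving spiking network with rank-order coding is trained only on normal telemetry and flags any sample for which no output neuron fires. The parameter values, the two-feature telemetry and the use of the ideal maximum potential as the normaliser are assumptions made for this illustration.

```python
import math

MOD, C, SIM = 0.8, 0.9, 0.3   # modulation factor, firing fraction, merge radius (all assumed)
CENTRES = [i / 5 for i in range(6)]  # 6 Gaussian receptive fields per feature
SIGMA = 0.15

def rank_order(sample):
    """Population-encode features scaled to [0, 1]; return each input neuron's firing rank."""
    exc = [math.exp(-((x - c) ** 2) / (2 * SIGMA ** 2)) for x in sample for c in CENTRES]
    ranks = [0] * len(exc)
    for rank, j in enumerate(sorted(range(len(exc)), key=lambda j: -exc[j])):
        ranks[j] = rank          # strongest excitation fires first (rank 0)
    return ranks

def train(normal_samples):
    """One pass over normal-only data: merge similar output neurons, else add one."""
    neurons = []                 # each entry: [weights, samples_merged]
    for s in normal_samples:
        w = [MOD ** r for r in rank_order(s)]
        for n in neurons:
            if math.dist(n[0], w) < SIM:
                n[0] = [(a * n[1] + b) / (n[1] + 1) for a, b in zip(n[0], w)]
                n[1] += 1
                break
        else:
            neurons.append([w, 1])
    return neurons

def score(neurons, sample):
    """Best post-synaptic potential over all neurons, as a fraction of the ideal maximum."""
    ranks = rank_order(sample)
    psp_max = sum(MOD ** (2 * k) for k in range(len(ranks)))
    return max(sum(w * MOD ** r for w, r in zip(n[0], ranks)) for n in neurons) / psp_max

def is_anomaly(neurons, sample):
    return score(neurons, sample) < C   # no neuron fires: behaviour not seen in training

# Constructed telemetry (pressure, valve opening), both scaled to [0, 1]; two normal modes.
NORMAL = [(0.45, 0.27), (0.46, 0.28), (0.43, 0.26), (0.63, 0.71), (0.64, 0.72)]
MODEL = train(NORMAL)

if __name__ == "__main__":
    for name, x in [("drifted normal", (0.48, 0.22)), ("mode mismatch", (0.63, 0.27)),
                    ("out of range", (0.95, 0.03))]:
        print(f"{name}: score={score(MODEL, x):.3f} anomaly={is_anomaly(MODEL, x)}")
```

The "mode mismatch" sample has each reading inside a range seen during training, but in a combination that never occurred, which is why it is flagged without any attack data having been used for training.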
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Demertzis, K., Iliadis, L., Spartalis, S. (2017). A Spiking One-Class Anomaly Detection Framework for Cyber-Security on Industrial Control Systems. In: Boracchi, G., Iliadis, L., Jayne, C., Likas, A. (eds) Engineering Applications of Neural Networks. EANN 2017. Communications in Computer and Information Science, vol 744. Springer, Cham. https://doi.org/10.1007/978-3-319-65172-9_11
DOI: https://doi.org/10.1007/978-3-319-65172-9_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65171-2
Online ISBN: 978-3-319-65172-9
eBook Packages: Computer Science, Computer Science (R0)