
Robust Multivariate Anomaly-Based Intrusion Detection System for Cyber-Physical Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12716)

Abstract

Cyber-physical critical infrastructures such as power plants are no longer air-gapped. Due to IP convergence, the control systems and sensor/actuator communication networks are often directly or indirectly connected to the Internet. While network intrusion detection can provide certain cyber defense capabilities, it is not sufficient against covert attacks or insider attacks. Therefore, in recent years, a lot of research has been carried out on detecting intrusions by observing anomalies in the plants' physical dynamics. In this work, we propose a robust anomaly detection mechanism based on a semi-supervised machine learning technique that allows near real-time localization of attacks. A deep neural network architecture is used to detect anomalies based on reconstruction error. We demonstrate our method's efficacy on the SWaT dataset. Our method outperforms other existing anomaly detection techniques with an AUC score of 0.9275.



Corresponding author

Correspondence to Aneet Kumar Dutta.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Dutta, A.K., Negi, R., Shukla, S.K. (2021). Robust Multivariate Anomaly-Based Intrusion Detection System for Cyber-Physical Systems. In: Dolev, S., Margalit, O., Pinkas, B., Schwarzmann, A. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2021. Lecture Notes in Computer Science, vol 12716. Springer, Cham. https://doi.org/10.1007/978-3-030-78086-9_6


  • DOI: https://doi.org/10.1007/978-3-030-78086-9_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78085-2

  • Online ISBN: 978-3-030-78086-9

  • eBook Packages: Computer Science, Computer Science (R0)
