Incremental Dendritic Cell Algorithm for Intrusion Detection in Cyber-Physical Production Systems

  • Conference paper
Intelligent Computing

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 285)

Abstract

Cyber-Physical Production Systems (CPPS) are becoming increasingly susceptible to security vulnerabilities, especially with the introduction of IoT principles in manufacturing scenarios. Since security is crucial to the development and acceptance of CPPS, flexible adaptation to the real CPPS security environment and reasonable response to real-time CPPS security events are needed. This paper presents an Intrusion Detection System (IDS) approach for CPPS, based on an extended version of the Dendritic Cell Algorithm (DCA), designated as the Incremental Dendritic Cell Algorithm (iDCA). To meet the industrial requirements for intrusion detection and response, the proposed solution enables online incremental detection in an unsupervised manner. Results show that the approach is a viable solution for detecting anomalies in (near) real-time, especially in environments with little a priori system knowledge for intrusion detection.

Notes

  1. https://digi2-feup.github.io/OPCUADataset/

Acknowledgment

This work was financially supported by: INDTECH 4.0 (SP4) - POCI-01-0247-FEDER-026653, co-funded by European Regional Development Fund (FEDER), through Competitiveness and Internationalization Operational Program (POCI) and Base Funding - UIDB/00147/2020 of the Systems and Technologies Center – SYSTEC - funded by national funds through the FCT/MCTES.

Corresponding author

Correspondence to Rui Pinto.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Pinto, R., Gonçalves, G., Delsing, J., Tovar, E. (2021). Incremental Dendritic Cell Algorithm for Intrusion Detection in Cyber-Physical Production Systems. In: Arai, K. (eds) Intelligent Computing. Lecture Notes in Networks and Systems, vol 285. Springer, Cham. https://doi.org/10.1007/978-3-030-80129-8_47
