
Dealing with Complexity for Immune-Inspired Anomaly Detection in Cyber Physical Systems

Conference paper, in: Secure Knowledge Management In The Artificial Intelligence Era (SKM 2021)

Abstract

With digitization, critical infrastructures face a higher risk of security incidents and attacks on cyber-physical systems (CPS). In the past 50 years, research and practice have developed various approaches to monitor and detect attacks, such as anomaly detection. While many approaches focus on artificial neural networks, bio-inspired approaches use nature as a reference. For example, artificial immune systems (AIS) refer to principles of the natural immune system. In this paper, we investigate the Negative Selection Algorithm (NSA), an algorithm from the domain of AIS, for anomaly detection in CPS. Particularly in CPS, datasets can become quite complex and can require a number of detectors for the analysis. Therefore, we investigate how AIS can be extended to handle and manage complex datasets of CPS. We propose two models that use Principal Component Analysis (PCA) and Autoencoder (AE) to enable dimensionality reduction. Using these models, we are able to show that it is possible to apply the NSA approach to such datasets. Our results indicate that the use of PCA and AE is beneficial for a better representation of the data and is therefore significantly relevant for improving the detection rate; in addition, it provides the possibility to add further features to support the identification of anomalies. As the NSA approach allows for distributed computation, it might be possible to allow faster or distributed detection; the extent to which this is possible remains to be investigated and therefore represents future work.
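The following added example (not the authors' code) illustrates the approach the abstract describes: a fixed-radius, real-valued negative selection detector trained on PCA-reduced data. The sensor data, radii, candidate budget and scaling are constructed assumptions; passing `k=None` runs the same detector on the raw 8 features for comparison.

```python
import numpy as np

def fit_pca(X, k):
    """PCA via SVD: return (mean, top-k principal axes)."""
    mu = X.mean(axis=0)
    _, _, vt = np.linalg.svd(X - mu, full_matrices=False)
    return mu, vt[:k]

def min_dist(A, B):
    """Distance from each row of A to its nearest row of B."""
    d2 = (A**2).sum(1)[:, None] - 2 * A @ B.T + (B**2).sum(1)[None, :]
    return np.sqrt(np.maximum(d2, 0)).min(axis=1)

def train_nsa(self_pts, n_cand, r_self, r_det, rng):
    """Negative selection: keep random candidates that match no self sample."""
    cand = rng.uniform(0, 1, size=(n_cand, self_pts.shape[1]))
    return cand[min_dist(cand, self_pts) >= r_self + r_det]

def evaluate(k=2, seed=7, n_cand=3000, r_self=0.02, r_det=0.04):
    """Return (detection rate, false-positive rate); k=None skips PCA."""
    rng = np.random.default_rng(seed)
    # Constructed data: 2 hidden process states drive 8 correlated sensors.
    W = rng.normal(size=(2, 8))
    sense = lambda u: u @ W + 0.01 * rng.normal(size=(len(u), 8))
    train = sense(rng.uniform(-1, 1, (400, 2)))    # normal operation (self)
    normal = sense(rng.uniform(-1, 1, (200, 2)))   # held-out normal operation
    bad_u = rng.uniform(-1, 1, (200, 2))           # first state pushed out of range
    bad_u[:, 0] = rng.choice([-1, 1], 200) * rng.uniform(2.5, 3.0, 200)
    attack = sense(bad_u)
    mu, axes = fit_pca(train, k) if k else (train.mean(0), np.eye(8))
    project = lambda X: (X - mu) @ axes.T
    # Map self into the centre of the unit cube so non-self space surrounds it.
    scale = 8 * np.abs(project(train)).max(axis=0)
    to_unit = lambda X: np.clip(0.5 + project(X) / scale, 0, 1)
    detectors = train_nsa(to_unit(train), n_cand, r_self, r_det, rng)
    flagged = lambda X: min_dist(to_unit(X), detectors) < r_det
    return flagged(attack).mean(), flagged(normal).mean()

if __name__ == "__main__":
    print("PCA, 2 components:", evaluate(k=2))
    print("raw, 8 features:  ", evaluate(k=None))
```

With the same candidate budget, the detectors cover the non-self region of the 2-D PCA space densely, while in the raw 8-D space their combined volume is negligible and the out-of-range samples go unflagged.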

Notes

  1. https://archive.ics.uci.edu/ml/datasets.php (last access: 27/07/21).

  2. International Atomic Energy Agency.

  3. Available at: https://archive.ics.uci.edu/ml/datasets/Iris [9].

References

  1. Busquim E Silva, R.A., Shirvan, K., Piqueira, J.R.C., Marques, R.P.: Development of the Asherah nuclear power plant simulator for cyber security assessment. In: International Conference on Nuclear Security (ICONS), Vienna, Austria, February 2020

  2. Chen, W., Liu, X.J., Li, T., Shi, Y.Q., Zheng, X.F., Zhao, H.: A negative selection algorithm based on hierarchical clustering of self set and its application in anomaly detection. Int. J. Comput. Intell. Syst. 4(4), 410–419 (2011)

  3. Chollet, F., et al.: Keras (2015). https://keras.io

  4. Cross, S.S., Harrison, R.F., Kennedy, R.L.: Introduction to neural networks. The Lancet 346(8982), 1075–1079 (1995)

  5. Dasgupta, D., Attoh-Okine, N.A.: Immunity-based systems: a survey. In: 1997 IEEE International Conference on Systems, Man, and Cybernetics. Computational Cybernetics and Simulation, vol. 1, pp. 369–374 (1997). https://doi.org/10.1109/ICSMC.1997.625778

  6. Dasgupta, D., Forrest, S.: An anomaly detection algorithm inspired by the immune system. In: Dasgupta, D. (ed.) Artificial Immune Systems and Their Applications, pp. 262–277. Springer, Heidelberg (1999). https://doi.org/10.1007/978-3-642-59901-9_14

  7. Fan, Z., Wen, C., Tao, L., Xiaochun, C., Haipeng, P.: An antigen space triangulation coverage based real-value negative selection algorithm. IEEE Access 7, 51886–51898 (2019)

  8. Fang, X., Li, L.: An improved artificial immune approach to network intrusion detection. In: 2010 2nd International Conference on Advanced Computer Control, vol. 2, pp. 39–44. IEEE (2010)

  9. Fisher, R.A.: The use of multiple measurements in taxonomic problems. Ann. Eugenics 7(2), 179–188 (1936)

  10. Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 202–212. IEEE (1994)

  11. Goldberg, D.E.: The genetic algorithm approach: why, how, and what next? In: Narendra, K.S. (ed.) Adaptive and Learning Systems, pp. 247–253. Springer, Boston (1986). https://doi.org/10.1007/978-1-4757-1895-9_17

  12. González, F., Dasgupta, D.: A study of artificial immune systems applied to anomaly detection. Ph.D. thesis, University of Memphis Memphis (2003)

  13. Greensmith, J., Whitbrook, A., Aickelin, U.: Artificial immune systems. In: Gendreau, M., Potvin, J.Y. (eds.) Handbook of Metaheuristics. ISOR, vol. 146, pp. 421–448. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-1665-5_14

  14. Guo, J., Liu, G., Zuo, Y., Wu, J.: An anomaly detection framework based on autoencoder and nearest neighbor. In: 2018 15th International Conference on Service Systems and Service Management (ICSSSM), pp. 1–6. IEEE (2018)

  15. Hofmeyr, S.A.: An interpretative introduction to the immune system. In: Design Principles for the Immune System and Other Distributed Autonomous Systems, vol. 3, pp. 28–36 (2000)

  16. Ji, Z., Dasgupta, D.: Real-valued negative selection algorithm with variable-sized detectors. In: Deb, K. (ed.) GECCO 2004. LNCS, vol. 3102, pp. 287–298. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24854-5_30

  17. Ji, Z., Dasgupta, D.: Revisiting negative selection algorithms. Evol. Comput. 15(2), 223–251 (2007)

  18. Jinquan, Z., Xiaojie, L., Tao, L., Caiming, L., Lingxi, P., Feixian, S.: A self-adaptive negative selection algorithm used for anomaly detection. Prog. Nat. Sci. 19(2), 261–266 (2009)

  19. Kim, J., Bentley, P.J., Aickelin, U., Greensmith, J., Tedesco, G., Twycross, J.: Immune system approaches to intrusion detection-a review. Nat. Comput. 6(4), 413–466 (2007). https://doi.org/10.1007/s11047-006-9026-4

  20. Klambauer, G., Unterthiner, T., Mayr, A., Hochreiter, S.: Self-normalizing neural networks (2017)

  21. Kluyver, T., et al.: Jupyter Notebooks - a publishing format for reproducible computational workflows. In: Loizides, F., Schmidt, B. (eds.) Positioning and Power in Academic Publishing: Players, Agents and Agendas, pp. 87–90. IOS Press (2016). https://eprints.soton.ac.uk/403913/

  22. Li, D., Liu, S., Zhang, H.: Negative selection algorithm with constant detectors for anomaly detection. Appl. Soft Comput. 36, 618–632 (2015)

  23. Nemati, L., Shakeri, M.: Negative selection based data classification with flexible boundaries. J. Comput. Robot. 11(2), 69–85 (2018)

  24. Ng, A., et al.: UFLDL tutorial (2013). http://ufldl.stanford.edu/tutorial. Accessed 12 Apr 2021

  25. Nuclear Energy Institute (NEI): Digital: The new word in nuclear power plant control rooms (2016). https://electricenergyonline.com/article/energy/category/generation/52/583260/digital-the-new-word-in-nuclear-power-plant-control-rooms.html. Accessed 21 Mar 2021

  26. Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12(85), 2825–2830 (2011). http://jmlr.org/papers/v12/pedregosa11a.html

  27. Rowland, M.T., Busquim e Silva, R.A.: Enhancing computer security incident analysis at nuclear facilities (2015). https://www.iaea.org/projects/crp/j02008. Accessed 23 Mar 2021

  28. Seidel, R.: The upper bound theorem for polytopes: an easy proof of its asymptotic version. Comput. Geom. 5(2), 115–116 (1995). https://doi.org/10.1016/0925-7721(95)00013-Y

  29. Shlens, J.: A tutorial on principal component analysis. Computing Research Repository (CoRR) abs/1404.1100 (2014). http://arxiv.org/abs/1404.1100

  30. Slowik, J.: Evolution of ICS attacks and the prospects for future disruptive events, February 2019. https://www.dragos.com/resource/evolution-of-ics-attacks-and-the-prospects-for-future-disruptive-events/. Accessed 22 Mar 2021

  31. Stibor, T.: On the appropriateness of negative selection for anomaly detection and network intrusion detection. Ph.D. thesis, Technische Universität Darmstadt (2006)

  32. Stibor, T., Bayarou, K.M., Eckert, C.: An investigation of R-chunk detector generation on higher alphabets. In: Deb, K. (ed.) GECCO 2004. LNCS, vol. 3102, pp. 299–307. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24854-5_31

  33. U.S. Nuclear Regulatory Commission: 1979 annual report (1979). https://tmi2kml.inl.gov/Documents/4e-NRC-Annual/1979%20NRC%20Annual%20Report%20(NUREG-0690).pdf. Accessed 23 Mar 2021

  34. Virtanen, P., et al.: SciPy 1.0: fundamental algorithms for scientific computing in Python. Nat. Methods 17, 261–272 (2020). https://doi.org/10.1038/s41592-019-0686-2

  35. Yang, C., Jia, L., Chen, B.Q., Wen, H.Y.: Negative selection algorithm based on antigen density clustering. IEEE Access 8, 44967–44975 (2020)

  36. Zhang, R., Li, T., Xiao, X.: A real-valued negative selection algorithm based on grid for anomaly detection. In: Abstract and Applied Analysis, vol. 2013. Hindawi (2013)

Corresponding author

Correspondence to Maria Leitner.

© 2022 Springer Nature Switzerland AG

Cite this paper

Reuter, L., Leitner, M., Smith, P., Koschuch, M. (2022). Dealing with Complexity for Immune-Inspired Anomaly Detection in Cyber Physical Systems. In: Krishnan, R., Rao, H.R., Sahay, S.K., Samtani, S., Zhao, Z. (eds) Secure Knowledge Management In The Artificial Intelligence Era. SKM 2021. Communications in Computer and Information Science, vol 1549. Springer, Cham. https://doi.org/10.1007/978-3-030-97532-6_9

  • DOI: https://doi.org/10.1007/978-3-030-97532-6_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-97531-9

  • Online ISBN: 978-3-030-97532-6

  • eBook Packages: Computer Science, Computer Science (R0)
