
A Spiking One-Class Anomaly Detection Framework for Cyber-Security on Industrial Control Systems

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 744)

Abstract

Developments and upgrades in industrial information technology, particularly in the information systems used to collect and process real-time data, have introduced a large number of new threats. These threats stem mainly from the specific tasks these applications perform: their distinct design specifications, the specialized communication protocols they use and the heterogeneous devices they are required to interconnect. In particular, specialized attacks can take over mechanical control, dynamically rearrange centrifugation or reprogram devices in order to accelerate or slow down their operations, which may leave industrial equipment completely destroyed or permanently damaged. Cyber-attacks against Industrial Control Systems (ICS), which mainly use Supervisory Control and Data Acquisition (SCADA) combined with Distributed Control Systems implemented with Programmable Logic Controllers, are characterized as Advanced Persistent Threats (APTs). This paper presents an advanced Spiking One-Class Anomaly Detection Framework (SOCCADF) based on the evolving Spiking Neural Network algorithm. The framework is an innovative application of the one-class classification methodology: it is trained exclusively on data that characterize the normal operation of an ICS, and it is able to detect divergent behaviors and abnormalities associated with APT attacks.




Corresponding author

Correspondence to Konstantinos Demertzis.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Demertzis, K., Iliadis, L., Spartalis, S. (2017). A Spiking One-Class Anomaly Detection Framework for Cyber-Security on Industrial Control Systems. In: Boracchi, G., Iliadis, L., Jayne, C., Likas, A. (eds) Engineering Applications of Neural Networks. EANN 2017. Communications in Computer and Information Science, vol 744. Springer, Cham. https://doi.org/10.1007/978-3-319-65172-9_11


  • DOI: https://doi.org/10.1007/978-3-319-65172-9_11


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65171-2

  • Online ISBN: 978-3-319-65172-9

  • eBook Packages: Computer Science (R0)
