Real-time data fusion for intrusion detection in industrial control systems based on cloud computing and big data techniques

Published in Cluster Computing

Abstract

Intrusion detection in industrial control systems (ICS) is crucial for maintaining security in modern industries. However, the rapid growth of data generated from various sources presents significant challenges, as complex and diverse attacks continue to threaten the integrity of these systems. Traditional intrusion detection systems face limitations in effectively detecting intrusions and suffer from processing delays. To address these issues, there is an urgent need for a real-time and efficient IDS. This study introduces a novel approach to real-time intrusion detection in ICS by leveraging Cloud Computing and Big Data techniques for data fusion. By fusing multiple streams of data, our approach enhances intrusion detection performance, reduces false alarm rates, and produces more consistent and accurate results. The contributions of this work are two-fold. Firstly, we propose a real-time IDS that overcomes the limitations of traditional systems through the efficient processing capabilities of Cloud Computing and Big Data techniques. Secondly, we employ data fusion to integrate diverse data sources, resulting in improved intrusion detection accuracy and efficiency. Our proposed IDS achieves higher accuracy rates and demonstrates superior efficiency in detecting intrusions compared to existing solutions. These findings underscore the potential of our approach in enhancing ICS security and mitigating risks posed by evolving attacks.



Author information


Contributions

AA performed the literature review and the experiments, including data collection, preprocessing and implementation of the proposed approach. This work was supervised by FJ and OK, who also verified the writing of the original draft.

Corresponding author

Correspondence to Ahlem Abid.

Ethics declarations

Competing interests

The authors declare no competing interests.


Cite this article

Abid, A., Jemili, F. & Korbaa, O. Real-time data fusion for intrusion detection in industrial control systems based on cloud computing and big data techniques. Cluster Comput 27, 2217–2238 (2024). https://doi.org/10.1007/s10586-023-04087-7
