Abstract
Intrusion detection in industrial control systems (ICS) is crucial for maintaining security in modern industries. However, the rapid growth of data generated from various sources presents significant challenges, as complex and diverse attacks continue to threaten the integrity of these systems. Traditional intrusion detection systems face limitations in effectively detecting intrusions and suffer from processing delays. To address these issues, there is an urgent need for a real-time and efficient IDS. This study introduces a novel approach to real-time intrusion detection in ICS by leveraging Cloud Computing and Big Data techniques for data fusion. By fusing multiple streams of data, our approach enhances intrusion detection performance, reduces false alarm rates, and produces more consistent and accurate results. The contributions of this work are two-fold. First, we propose a real-time IDS that overcomes the limitations of traditional systems through the efficient processing capabilities of Cloud Computing and Big Data techniques. Second, we employ data fusion to integrate diverse data sources, resulting in improved intrusion detection accuracy and efficiency. Our proposed IDS achieves higher accuracy rates and demonstrates superior efficiency in detecting intrusions compared to existing solutions. These findings underscore the potential of our approach in enhancing ICS security and mitigating risks posed by evolving attacks.
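The abstract's central claim is that fusing several data streams lowers the false alarm rate compared with judging each stream on its own. The following is an added illustration of that idea and is not the paper's pipeline or code: two constructed streams (network flow records and a process sensor tag) are aligned into tumbling time windows and an alert is raised only where both sources corroborate. All field names, thresholds, the baseline value and the records themselves are constructed assumptions for the example.

```python
"""Illustrative multi-stream data fusion for ICS intrusion detection.

Added example, not code from the paper. Two constructed event streams
(network flow records and process sensor readings) are bucketed into
tumbling time windows and scored jointly, so that an alert requires
evidence from both sources. All data, field names, thresholds and the
sensor baseline below are constructed assumptions for illustration.
"""
from collections import defaultdict

WINDOW_SECONDS = 10  # assumed width of the alignment window

# Constructed network-flow stream: (timestamp, src_ip, dst_port, packets)
NETWORK_STREAM = [
    (100, "10.0.0.5", 502, 12),    # routine polling of the PLC
    (103, "10.0.0.9", 502, 900),   # burst of traffic to the PLC
    (112, "10.0.0.9", 502, 850),   # burst continues
    (121, "10.0.0.5", 502, 15),
    (133, "10.0.0.7", 502, 700),   # burst, but the process stays normal
]

# Constructed process-sensor stream: (timestamp, tag, value)
SENSOR_STREAM = [
    (101, "tank_level", 0.52),
    (105, "tank_level", 0.91),     # deviation coincides with the burst
    (115, "tank_level", 0.97),
    (124, "tank_level", 0.53),
    (135, "tank_level", 0.54),     # normal level despite the burst at t=133
]

NET_PACKET_THRESHOLD = 500        # assumed: packets per record that count as a burst
SENSOR_BASELINE = {"tank_level": 0.52}   # assumed normal operating value per tag
SENSOR_DEVIATION_THRESHOLD = 0.25        # assumed: |value - baseline| that is abnormal


def window_of(ts: int) -> int:
    """Map a timestamp to its tumbling window index."""
    return ts // WINDOW_SECONDS


def network_evidence(stream):
    """Per window: True if any flow record exceeded the packet threshold."""
    ev = defaultdict(bool)
    for ts, _src, _port, packets in stream:
        if packets >= NET_PACKET_THRESHOLD:
            ev[window_of(ts)] = True
    return ev


def sensor_evidence(stream):
    """Per window: True if any reading deviates from its baseline by the threshold."""
    ev = defaultdict(bool)
    for ts, tag, value in stream:
        baseline = SENSOR_BASELINE.get(tag)
        if baseline is not None and abs(value - baseline) >= SENSOR_DEVIATION_THRESHOLD:
            ev[window_of(ts)] = True
    return ev


def single_source_alerts(evidence) -> list:
    """Windows a single source would alert on by itself."""
    return sorted(w for w, flagged in evidence.items() if flagged)


def fused_alerts(net_ev, sen_ev) -> list:
    """Windows where both sources corroborate (conjunctive fusion)."""
    windows = set(net_ev) | set(sen_ev)
    return sorted(w for w in windows if net_ev.get(w) and sen_ev.get(w))


if __name__ == "__main__":
    net = network_evidence(NETWORK_STREAM)
    sen = sensor_evidence(SENSOR_STREAM)
    print("network-only alerts:", single_source_alerts(net))   # [10, 11, 13]
    print("sensor-only alerts: ", single_source_alerts(sen))   # [10, 11]
    print("fused alerts:       ", fused_alerts(net, sen))      # [10, 11]
```

In this constructed data the network stream alone fires three times, including window 13, where a traffic burst has no corresponding process deviation; conjunctive fusion keeps the two corroborated windows and drops that one. A production design would replace the fixed thresholds with learned models and the AND rule with a weighted or probabilistic combination, but the mechanism of aligning heterogeneous streams by window and requiring agreement is what the fusion argument rests on.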
Author information
Contributions
AA performed the literature review and the experiments, including data collection, preprocessing and implementation of the proposed approach. The work was supervised by FJ and OK, who also reviewed the original draft.
Ethics declarations
Competing interests
The authors declare no competing interests.
About this article
Cite this article
Abid, A., Jemili, F. & Korbaa, O. Real-time data fusion for intrusion detection in industrial control systems based on cloud computing and big data techniques. Cluster Comput 27, 2217–2238 (2024). https://doi.org/10.1007/s10586-023-04087-7
DOI: https://doi.org/10.1007/s10586-023-04087-7