Industrial network-based behavioral anomaly detection in AI-enabled smart manufacturing

The Journal of Supercomputing

Abstract

Existing manufacturing systems are isolated from the outside world to protect their sites and systems. However, following the trend of the 4th Industrial Revolution, manufacturing systems have also increased the connectivity of various domains and the convergence of numerous technologies. These systems are referred to as smart manufacturing systems. This trend has made network anomaly detection, a major approach to network security in smart manufacturing, more challenging. Existing methods define normality under the premise that network components are static and that network operation is periodic compared to the information technology environment. Therefore, comprehensive and volatile network environments require significant time, cost, and labor to define normality. Consequently, artificial intelligence (AI)-based anomaly detection studies have been actively conducted to solve this problem. However, such studies require manual analysis based on expert knowledge of each site during the preprocessing stage to extract the learning features from the collected network data. To solve the above problems, this study proposes a protocol reverse engineering method corresponding to the preprocessing stage of existing AI studies. Through this method, existing AI-based anomaly detection studies can directly use the collected network data to learn normality without expert knowledge of the site. Furthermore, non-polling or reporting network operating environments, which are rarely studied in the manufacturing security domain, are targeted. Finally, we propose an anomaly detection method that uses an external signature, time information, the pattern of time intervals, and classified messages. Thus, the proposed method can detect anomalies in the encrypted contents of the manufacturing protocols.

Acknowledgements

This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF), funded by the Ministry of Science, ICT & Future Planning (NRF-2018R1D1A1B07043349).

Author information

Corresponding author

Correspondence to Taeshik Shon.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Kim, H., Shon, T. Industrial network-based behavioral anomaly detection in AI-enabled smart manufacturing. J Supercomput 78, 13554–13563 (2022). https://doi.org/10.1007/s11227-022-04408-4

  • DOI: https://doi.org/10.1007/s11227-022-04408-4
