ABSTRACT
Attacks on Cyber-Physical Systems (CPS) are extremely costly to repair, which is why early warning is critical for industrial control system security. Previous warning methods have relied heavily on statistical analysis, but such methods struggle to capture the nonlinear relationships in time series data and to describe its changing trend, and they are limited in long-term forecasting. This paper analyses the main characteristics of intrusion data in CPS: high dimensionality, data imbalance, and missing data due to few failure samples and sensor failures in highly reliable equipment. To address these problems, we propose an intrusion warning system for data with missing values, which consists of three modules: a data collection module, a data interpolation module and an intrusion warning module. An improved Generative Adversarial Network (GAN) model is used to interpolate the missing data and improve the quality of the interpolated data, which is then handed over to the downstream model for intrusion warning. Experiments are conducted on two intrusion datasets collected from CPS. The experimental results show that the model produces more accurate interpolated data and achieves a high detection rate in intrusion warning. The proposed data repair and warning methods are more applicable to CPS.