Sammendrag
Industrial Control Systems (ICS) are widely used to carry out the fundamental functions of a society and are frequently employed in Critical Infrastructures (CIs). Consequently, protection against cyber-attacks is essential for these systems. Over the years, numerous cyber-attack detection system concepts have been proposed, each employing a distinct set of processes and methodologies. Despite this, there is a significant gap in the field of techniques for detecting cyber-attacks on ICS. Most existing studies used device logs, which require considerable pre-processing and understanding before they can be utilized for intrusion detection in an ICS environment. In this paper, we proposed an intrusion detection using an autoencoder for feature dimensionality reduction trained on network flow data via a Deep Convolutional Neural Network (DCNN) and Long Short-Term Memory (LSTM), which does not require prior knowledge of the underlying architecture and network's topology. The experimental analysis was performed on the ICS dataset and gas pipeline data given by Mississippi State University (MSU). The LSTM model achieved an accuracy greater than 99% and an AUC-ROC of 99.50% on the ICS data, whereas the DCNN model achieved an accuracy of 96.0% and an AUC-ROC of 97.20% on the gas pipeline network data, with extremely low false negatives and false positives. The results of the study showed that LSTM is superior to DCNN in detecting anomalies in ICS. In addition, the results disclosed that LSTM and DCNN are effective at time series prediction tasks. This observation is encouraging, as DCNN and LSTM are smaller, faster, and more straightforward than the deep neural network and recurrent neural networks utilized in previous research. The proposed IDS architecture is a low-cost, network-based solution that requires minimal processing, performs unsupervised, and is straightforward to implement in a real-world environment.
Vis fullstendig beskrivelse
