Detecting cyberattacks in industrial control systems using online learning algorithms

Author

Guangxia LI
Yulong SHEN
Peilin ZHAO
Xiao LU
Jia LIU
Yangyang LIU
Steven C. H. HOI, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

10-2019

Abstract

Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace-the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that serve as the first line of defense by monitoring and reporting potentially malicious activities. Classical machine-learning-based intrusion detection methods usually generate prediction models by learning modest-sized training samples all at once. Such approach is not always applicable to industrial control systems, as industrial control systems must process continuous control commands with limited computational resources in a nonstop way. To satisfy such requirements, we propose using online learning to learn prediction models from the controlling data stream. We introduce several state-of-theart online learning algorithms categorically, and illustrate their efficacies on two typically used testbeds- power system and gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to solve the class-imbalance problem that is pervasive in industrial intrusion detection systems. Our experimental results indicate that the proposed algorithm can achieve an overall improvement in the detection rate of cyberattacks in industrial control systems.

Keywords

Online learning, Cost-sensitive learning, Cybersecurity, Industrial control systems, Intrusion detection

Discipline

Databases and Information Systems | Theory and Algorithms

Research Areas

Data Science and Engineering

Publication

Neurocomputing

Volume

364

First Page

338

Last Page

348

ISSN

0925-2312

Identifier

10.1016/j.neucom.2019.07.031

Publisher

Elsevier

Citation

LI, Guangxia; SHEN, Yulong; ZHAO, Peilin; LU, Xiao; LIU, Jia; LIU, Yangyang; and HOI, Steven C. H.. Detecting cyberattacks in industrial control systems using online learning algorithms. (2019). Neurocomputing. 364, 338-348.
Available at: https://ink.library.smu.edu.sg/sis_research/5132

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1016/j.neucom.2019.07.031