Abstract
Industrial control systems (ICS) now usually connect to Wireless Sensor Networks and the Internet, exposing them to security threats resulting from cyber-attacks. However, detecting such attacks is non-trivial task. The high-dimensional network data pose significant challenges on security anomaly detection. In this work, we propose a network flow data processing method, which can make the complex network data more standardized and unified to assist security anomaly detection. Then, data generation method is applied to collect enough training data. We also propose a evaluation method for generated data. Finally, the bidirectional recurrent neural networks with attention mechanism is proposed to extract the latent feature, and give an explainable results in identifying the dominant attributes. Empirical results show our method outperforms the state-of-the-art models.
Highlights
The core of Industry 4.0 strategy is the deep integration of information systems and physical systems, which aims at promoting the intelligence, informatization and digitization of industrial production
This paper proposes that evaluating the quality of the generated data needs to carried out in three claim: (i)Whether the generated data has a good inheritance of the original data characteristics. (ii) The diversity of the generated data. (iii) The speed at which the data is generated
In order to further evaluate the performance of the three methods, we propose a evaluation method based on Mahalanobis distance of intra-class and inter-class samples
Summary
The core of Industry 4.0 strategy is the deep integration of information systems and physical systems, which aims at promoting the intelligence, informatization and digitization of industrial production. Brun used dense random neural networks for online detection of IoT network attacks [12] These studies were not really targeted at data features, and can’t capture the potential characteristics. With the advent of the KDD 99 dataset, researchers paid more attention to high-dimensional network flow data features in ADS [13]. Since the size of anomaly samples in the data domain may be much smaller than the normal samples, there is a situation where the dataset is imbalanced If such imbalanced data is used for IDS model training directly, the detections results will be unreliable. There are many researches on imbalanced learning [19]–[22], but there is barely on ADS, especially on ICS networks anomaly detection. This paper is organized as follows: Section II describes the proposed network data feature process methods.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
