Enhancing Critical Infrastructure Security: Unsupervised Learning Approaches for Anomaly Detection
aut.relation.articlenumber | 236 | |
aut.relation.issue | 1 | |
aut.relation.journal | International Journal of Computational Intelligence Systems | |
aut.relation.volume | 17 | |
dc.contributor.author | Pinto, A | |
dc.contributor.author | Herrera, LC | |
dc.contributor.author | Donoso, Y | |
dc.contributor.author | Gutierrez, JA | |
dc.date.accessioned | 2024-09-17T02:54:11Z | |
dc.date.available | 2024-09-17T02:54:11Z | |
dc.date.issued | 2024-09-10 | |
dc.description.abstract | Traditional security detection methods face challenges in identifying zero-day attacks in critical infrastructures (CIs) integrated with the industrial internet of things (IIoT). These attacks exploit unknown vulnerabilities and are difficult to detect due to their connection to physical systems. The integration of legacy ICS networks with modern computing and networking technologies has significantly expanded the attack surface, making these systems more susceptible to cyber-attacks. Despite existing security measures, attackers continually find ways to breach these operating networks. Anomaly detection systems are critical in protecting these CIs from current cyber threats. This study investigates the effectiveness of unsupervised anomaly detection models in detecting operational anomalies that could lead to cyber-attacks, thereby disrupting and negatively impacting quality of life. We preprocess the data with a focus on cybersecurity and chose the SWAT dataset because it accurately represents the types of attack vectors that critical infrastructures commonly encounter. We evaluated the performance of isolation forest (IF), local outlier factor (LOF), one-class SVM (OCSVM), and Autoencoder algorithms—trained exclusively on normal data—in enhancing cybersecurity within IIoT environments. Our comprehensive analysis includes an assessment of each model’s detection capabilities. The findings highlight the VAE-LSTM model’s potential to identify cyber-attacks within seconds in a high-frequency dataset, suggesting near real-time detection capability. The final model combines the reconstruction ability of the variational autoencoder (VAE) with regularization using the Kullback–Leibler divergence, reflecting the non-Gaussian nature of industrial system data. Our model successfully detected 23 out of 26 attack scenarios in the SWAT dataset, demonstrating its effectiveness in improving the security of IIoT-based CIs. | |
dc.identifier.citation | International Journal of Computational Intelligence Systems, ISSN: 1875-6891 (Print); 1875-6883 (Online), Springer Science and Business Media LLC, 17(1). doi: 10.1007/s44196-024-00644-z | |
dc.identifier.doi | 10.1007/s44196-024-00644-z | |
dc.identifier.issn | 1875-6891 | |
dc.identifier.issn | 1875-6883 | |
dc.identifier.uri | http://hdl.handle.net/10292/18021 | |
dc.language | en | |
dc.publisher | Springer Science and Business Media LLC | |
dc.relation.uri | https://link.springer.com/article/10.1007/s44196-024-00644-z | |
dc.rights | Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/. | |
dc.rights.accessrights | OpenAccess | |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | |
dc.subject | 08 Information and Computing Sciences | |
dc.subject | 46 Information and computing sciences | |
dc.title | Enhancing Critical Infrastructure Security: Unsupervised Learning Approaches for Anomaly Detection | |
dc.type | Journal Article | |
pubs.elements-id | 569117 |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Pinto et al_2024_Enhancing critical infrastructure security.pdf
- Size:
- 1.32 MB
- Format:
- Adobe Portable Document Format
- Description:
- Journal article