The threat landscape for industrial systems is in rapid evolution, with cyber-attacks becoming increasingly sophisticated, targeted, and motivated. This situation should raise many concerns because of the growing interconnection of industrial control systems with the Internet, as well as the proliferation of cyber-physical systems and the Industrial Internet of Things. In these scenarios, an accurate detection of attacks is of utmost importance. Unavailability of large industrial datasets represents one of the primary obstacles to the application of traditional machine learning techniques to early and accurate identification of cyber attacks. We propose an autoencoder-based anomaly detector that leverages unsupervised learning algorithms thus enabling the detection of various classes of cyber threats without the need for attack-specific training activities. Our model can take advantage of the intrinsic predictability of industrial settings that allow it to learn the inherent characteristics of standard traffic probability distribution. Based on our experimental results, the considered model exhibits robust generalization capabilities and demonstrates high proficiency in detecting different types of attacks as anomalies, including those previously unknown during the training phase.
Russo, S., Zanasi, C., Marasco, I., Colajanni, M. (2024). Autoencoder-Based Solution for Intrusion Detection in Industrial Control System [10.1007/978-3-031-62277-9_34].
Autoencoder-Based Solution for Intrusion Detection in Industrial Control System
Russo, Silvio
Primo
;Zanasi, ClaudioSecondo
;Marasco, IsabellaPenultimo
;Colajanni, MicheleUltimo
2024
Abstract
The threat landscape for industrial systems is in rapid evolution, with cyber-attacks becoming increasingly sophisticated, targeted, and motivated. This situation should raise many concerns because of the growing interconnection of industrial control systems with the Internet, as well as the proliferation of cyber-physical systems and the Industrial Internet of Things. In these scenarios, an accurate detection of attacks is of utmost importance. Unavailability of large industrial datasets represents one of the primary obstacles to the application of traditional machine learning techniques to early and accurate identification of cyber attacks. We propose an autoencoder-based anomaly detector that leverages unsupervised learning algorithms thus enabling the detection of various classes of cyber threats without the need for attack-specific training activities. Our model can take advantage of the intrinsic predictability of industrial settings that allow it to learn the inherent characteristics of standard traffic probability distribution. Based on our experimental results, the considered model exhibits robust generalization capabilities and demonstrates high proficiency in detecting different types of attacks as anomalies, including those previously unknown during the training phase.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
