Anomaly detection system based on classifier fusion in ICS environment

Vávra, Jan; Hromada, Martin

dc.title	Anomaly detection system based on classifier fusion in ICS environment	en
dc.contributor.author	Vávra, Jan
dc.contributor.author	Hromada, Martin
dc.relation.ispartof	Proceedings - 2017 International Conference on Soft Computing, Intelligent System and Information Technology: Building Intelligence Through IOT and Big Data, ICSIIT 2017
dc.identifier.isbn	978-1-4673-9899-2
dc.date.issued	2017
utb.relation.volume	2018-January
dc.citation.spage	32
dc.citation.epage	38
dc.event.title	5th International Conference on Soft Computing, Intelligent System and Information Technology, ICSIIT 2017
dc.event.location	Petra Christian Univ
utb.event.state-en	Informat dept
dc.event.sdate	2017-09-26
dc.event.edate	2017-09-29
dc.type	conferenceObject
dc.language.iso	en
dc.publisher	Institute of Electrical and Electronics Engineers (IEEE)
dc.identifier.doi	10.1109/ICSIIT.2017.35
dc.relation.uri	https://ieeexplore.ieee.org/abstract/document/8262539/
dc.subject	Classifier	en
dc.subject	industrial control system	en
dc.subject	cyber security	en
dc.subject	anomaly detection	en
dc.description.abstract	The detection of cyber-attacks has become a crucial task for highly sophisticated systems like industrial control systems (ICS). These systems are an essential part of critical information infrastructure. Therefore, we can highlight their vital role in contemporary society. The effective and reliable ICS cyber defense is a significant challenge for the cyber security community. Thus, intrusion detection is one of the demanding tasks for the cyber security researchers. In this article, we examine classification problem. The proposed detection system is based on supervised anomaly detection techniques. Moreover, we utilized classifiers algorithms in order to increase intrusion detection capabilities. The fusion of the classifiers is the way how to achieve the predefined goal.	en
utb.faculty	Faculty of Applied Informatics
dc.identifier.uri	http://hdl.handle.net/10563/1007870
utb.identifier.obdid	43876936
utb.identifier.scopus	2-s2.0-85049330863
utb.identifier.wok	000428025400007
utb.source	d-wok
dc.date.accessioned	2018-04-23T15:01:49Z
dc.date.available	2018-04-23T15:01:49Z
dc.description.sponsorship	Internal Grant Agency [IGA/FAI/2017/003]; Ministry of the Interior of the Czech Republic; Ministry of Education, Youth and Sports of the Czech Republic [LO1303 (MSMT-7778/2014)]; European Regional Development Fund under the project CEBIA-Tech [CZ.1.05/2.1.00/03.0089]; [VI20152019049]; [VI20172019054]
utb.contributor.internalauthor	Vávra, Jan
utb.contributor.internalauthor	Hromada, Martin
utb.fulltext.affiliation	Jan Vávra, Martin Hromada Department of Security Engineering Tomas Bata University in Zlín Zlín, Czech Republic jvavra@fai.utb.cz, hromada@fai.utb.cz
utb.fulltext.dates	-
utb.fulltext.references	[1] S. Gottwald, “Study on Critical Dependencies of Energy, Finance and Transport Infrastructures on ICT Infrastructure,” ver. 1.0, European Commission DG Justice, Freedom and Security, Germany, Feb. 2011. [2] T. Macaulay, Critical Infrastructure: Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies, CRC Press, 2008. [3] K. Stouffer, V. Pillitteri, S. Lightman, M. Abrams, and A. Hahn, “Guide to Industrial Control Systems (ICS) Security,” Special Publication 800-82 rev. 2, National Institute of Standards and Technology (NIST), US Dept. of Commerce, May 2015, doi: 10.6028/NIST.SP.800-82r2. [4] Z. Dewa and L.A. Maglaras, “Data Mining and Intrusion Detection Systems,” Int. J. Advanced Computer Science and Applications (IJACSA), vol. 7, no. 1, 2016, doi: 10.14569/IJACSA.2016.070109. [5] J. Hosic, J. Lamps, and D.H. Hart, “Evolving Decision Trees to Detect Anomalies in Recurrent ICS Networks,” Proc. World Congr. on Industrial Control Systems Security (WCICSS), London (UK), Dec. 2015, pp. 50–57, doi: 10.1109/WCICSS.2015.7420323. [6] L.A. Maglaras, and J. Jiang, “Intrusion Detection in SCADA Systems using Machine Learning Techniques,” Proc. Science and Information Conference (SAI), London (UK), Aug. 2014, pp. 626–631, doi: 10.1109/SAI.2014.6918252. [7] M. Mantere, M. Sailio, and S. Noponen, “A Module for Anomaly Detection in ICS Networks,” Proc. 3rd Int. Conf. on High Confidence Networked Systems (HiCoNS), Berlin (Germany), Apr. 2014, pp. 49–56, doi: 10.1145/2566468.2566478. [8] C. Zhou, S. Huang, N. Xiong, S.H. Yang, H. Li, Y. Qin, and X. Li, “Design and Analysis of Multimodel-based Anomaly Intrusion Detection Systems in Industrial Process Automation,” IEEE Trans. on Systems, Man, and Cybernetics: Systems, vol. 45, no. 10, pp. 1345–1360, Oct. 2015, doi: 10.1109/TSMC.2015.2415763. [9] M.A. Bagheri, G. Hu, Q. Gao, and S. Escalera, “A Framework of Multi-classifier Fusion for Human Action Recognition,” Proc. 22nd Int. Conf. on Pattern Recognition (ICPR), Stockholm (Sweden), Aug. 2014, pp. 1260–1265, doi: 10.1109/ICPR.2014.226. [10] B. Hadjadji, Y. Chibani, and Y. Guerbai, “Multiple One-Class Classifier Combination for Multi-class Classification,” Proc. 22nd Int. Conf. on Pattern Recognition (ICPR), Stockholm (Sweden), Aug. 2014, pp. 2832–2837, doi: 10.1109/ICPR.2014.488. [11] K.R. Remya and J.S. Ramya, “Using Weighted Majority Voting Classifier Combination for Relation Classification in Biomedical Texts,” Proc. Int. Conf. on Control, Instrumentation, Communication and Computational Technologies (ICCICCT), Kanyakumari (India), Jul. 2014, pp. 1205–1209, doi: 10.1109/ICCICCT.2014.6993144. [12] X. Zhu, B. Ma, and G. Guo, “An Adaptive-weight Regularization Method for Multi-classifier Fusion Decision,” Proc. Int. Conf. on Mechatronics and Control (ICMC), Jinzhou (China), Jul. 2014, pp. 343–346, doi: 10.1109/ICMC.2014.7231575. [13] O. Gharroudi, H. Elghazel, and A. Aussem, “Ensemble Multi-label Classification: A Comparative Study on Threshold Selection and Voting Methods,” Proc. IEEE 27th Int. Conf. on Tools with Artificial Intelligence (ICTAI), Vietri sul Mare (Italy), Nov. 2015, pp. 377–384, doi: 10.1109/ICTAI.2015.64. [14] D. Nozza, E. Fersini, and E. Messina, “Deep Learning and Ensemble Methods for Domain Adaptation,” Proc. IEEE 28th Int. Conf. on Tools with Artificial Intelligence (ICTAI), San Jose (CA, USA), Nov. 2016, pp. 184–189, doi: 10.1109/ICTAI.2016.0037. [15] N. Chauhan and S. Bahl, “Performance Analysis of Dimension Reduction Techniques with Classifier Combination for Intrusion Detection System,” Proc. 2nd Int. Conf. on Computing for Sustainable Global Development (INDIACom), New Delhi (India), Mar. 2015, pp. 1084–1089. [16] L. Akoglu, H. Tong, and D. Koutra, “Graph Based Anomaly Detection and Description: A Survey,” Data Mining and Knowledge Discovery, vol. 29, no. 3, pp. 626–688, May 2015, doi: 10.1007/s10618-014-0365-y. [17] V. Chandola, A. Banerjee, and V. Kumar, “Anomaly Detection: A Survey,” ACM Computing Surveys (CSUR), vol. 41, no. 3, article no. 15, Jul. 2009, doi: 10.1145/1541880.1541882. [18] D.W. Aha, D. Kibler, M.K. Albert, “Instance-based Learning Algorithms,” Machine Learning, vol. 6, no. 1, pp. 37–66, Jan. 1991, doi: 10.1007/BF00153759. [19] B.E. Boser, I.M. Guyon, and V.N. Vapnik, “A Training Algorithm for Optimal Margin Classifiers,” Proc. 5th Annu. Workshop on Computational Learning Theory, Pittsburgh (PA, USA), Jul. 1992, pp. 144–152, doi: 10.1145/130385.130401. [20] C.W. Hsu, C.C. Chang, and C.J. Lin, “A Practical Guide to Support Vector Classification,” 2003. [Online] Available: http://www.csie.ntu.edu.tw/~cjlin/papers/guide/guide.pdf. [21] J. Kittler, M. Hatef, R.P.W. Duin, and J. Matas, “On Combining Classifiers,” IEEE Trans. on Pattern Analysis and Machine Intelligence, vol. 20, no. 3, pp. 226–239, Mar. 1998, doi: 10.1109/34.667881. [22] R.C.B. Hink, J.M. Beaver, M.A. Buckner, T. Morris, U. Adhikari, and S. Pan, “Machine Learning for Power System Disturbance and Cyber-attack Discrimination,” Proc. 7th Int. Symp. on Resilient Control Systems (ISRCS), Denver (CO, USA), Aug. 2014, doi: 10.1109/ISRCS.2014.6900095. [23] T. Fawcett, “An Introduction to ROC Analysis,” Pattern Recognition Letters, vol. 27, no. 8, pp. 861–874, Jun. 2006, doi: 10.1016/j.patrec.2005.10.010. [24] L. Breiman “Random Forests,” Machine Learning, 2001, 45(1):5-32. [25] A. Kaur and I. Kaur, “An Empirical Evaluation of Classification Algorithms for Fault Prediction in Open Source Projects,” J. King Saud University – Computer and Information Sciences, to be published, doi: 10.1016/j.jksuci.2016.04.002.
utb.fulltext.sponsorship	This work was funded by the Internal Grant Agency (IGA/FAI/2017/003) and supported by the project ev. no. VI20152019049 "RESILIENCE 2015: Dynamic Resilience Evaluation of Interrelated Critical Infrastructure Subsystems", supported by the Ministry of the Interior of the Czech Republic in the years 2015-2019 and also supported by the research project VI20172019054 "An analytical software module for the real-time resilience evaluation from point of the converged security", supported by the Ministry of the Interior of the Czech Republic in the years 2017-2019. Moreover, this work was supported by the Ministry of Education, Youth and Sports of the Czech Republic within the National Sustainability Programme project No. LO1303 (MSMT-7778/2014) and also by the European Regional Development Fund under the project CEBIA-Tech No. CZ.1.05/2.1.00/03.0089. Finally, we thank our colleagues from Mississippi State University and Oak Ridge National Laboratory which provides SCADA datasets.
utb.wos.affiliation	[Vavra, Jan; Hromada, Martin] Tomas Bata Univ Zlin, Dept Secur Engn, Zlin, Czech Republic
utb.fulltext.projects	IGA/FAI/2017/003
utb.fulltext.projects	VI20152019049
utb.fulltext.projects	VI20172019054
utb.fulltext.projects	LO1303 (MSMT-7778/2014)
utb.fulltext.projects	CZ.1.05/2.1.00/03.0089