A Process-Informed Approach to Network Intrusion Detection for Cyber Physical Systems

Moojan Pordelkhaki, Junaid Arshad, Shereen Fouad, Mark Josephs

Research output: Preprint or Working paper › Preprint

Abstract

Research into the application of machine learning techniques to the problem of network intrusion detection is important for the effective automation of cyber security. In the setting of Cyber Physical Systems, cyber-attacks compromise physical processes, affecting the normal function of critical assets. Our hypothesis is that training machine learning algorithms on a dataset that combines network traffic data with physical process data can improve network intrusion detection performance. Specifically, our Process-Informed Network Intrusion Detection for Cyber Physical Systems (PINIDS) framework deploys the Learning Using Privileged Information (LUPI) paradigm for training a supervised Network Intrusion Detection model that is infused with network and process data in the learning phase and operates on network data at run-time. The PINIDS framework has been evaluated using the SWaT dataset against brute force and unauthorised command message attacks, and using LUPI machine learning techniques including SVM+, Margin Transfer, Transfer Learning, and Distillation. The experimentation highlighted an improved balance between precision and recall by increasing detection accuracy while minimizing false positives and false negatives. Specifically, the F1-measure improved significantly when using the SVM+ algorithm, by 21.47%, and the distilled DNN model showed an average improvement of 12.23% in F1-measure compared to other models.
Original language: English
Publication status: Published - 14 Feb 2024
