TY - UNPB
T1 - A Process-Informed Approach to Network Intrusion Detection for Cyber Physical Systems
AU - Pordelkhaki, Moojan
AU - Arshad, Junaid
AU - Fouad, Shereen
AU - Josephs, Mark
PY - 2024/2/14
Y1 - 2024/2/14
N2 - Research into the application of machine learning techniques to the problem of network intrusion detection is important for the effective automation of cyber security. In the setting of Cyber Physical Systems, cyber-attacks compromise physical processes, affecting the normal function of critical assets. Our hypothesis is that training machine learning algorithms on a dataset that combines network traffic data with physical process data can improve network intrusion detection performance. Specifically, our Process-Informed Network Intrusion Detection for Cyber Physical Systems (PINIDS) framework deploys the Learning Using Privileged Information (LUPI) paradigm for training a supervised Network Intrusion Detection model that is infused with network and process data in the learning phase and operates on network data at run-time. The PINIDS framework has been evaluated using the SWaT dataset against brute force and unauthorised command message attacks, and using LUPI machine learning techniques including SVM+, Margin Transfer, Transfer Learning, and Distillation. The experimentation highlighted an improved balance between precision and recall by increasing detection accuracy while minimizing false positives and false negatives. Specifically, the F1-measure improved significantly, by 21.47%, when using the SVM+ algorithm, and the distilled DNN model showed an average improvement of 12.23% in F1-measure compared to other models.
AB - Research into the application of machine learning techniques to the problem of network intrusion detection is important for the effective automation of cyber security. In the setting of Cyber Physical Systems, cyber-attacks compromise physical processes, affecting the normal function of critical assets. Our hypothesis is that training machine learning algorithms on a dataset that combines network traffic data with physical process data can improve network intrusion detection performance. Specifically, our Process-Informed Network Intrusion Detection for Cyber Physical Systems (PINIDS) framework deploys the Learning Using Privileged Information (LUPI) paradigm for training a supervised Network Intrusion Detection model that is infused with network and process data in the learning phase and operates on network data at run-time. The PINIDS framework has been evaluated using the SWaT dataset against brute force and unauthorised command message attacks, and using LUPI machine learning techniques including SVM+, Margin Transfer, Transfer Learning, and Distillation. The experimentation highlighted an improved balance between precision and recall by increasing detection accuracy while minimizing false positives and false negatives. Specifically, the F1-measure improved significantly, by 21.47%, when using the SVM+ algorithm, and the distilled DNN model showed an average improvement of 12.23% in F1-measure compared to other models.
UR - https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4725855
U2 - 10.2139/ssrn.4725855
DO - 10.2139/ssrn.4725855
M3 - Preprint
BT - A Process-Informed Approach to Network Intrusion Detection for Cyber Physical Systems
ER -