Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information

Moojan Pordelkhaki; Shereen Fouad; Mark  Josephs

doi:10.1109/ISI53945.2021.9624757

Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information

Moojan Pordelkhaki, Shereen Fouad , Mark Josephs

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

The continuous operation of an industrial process, such as water treatment or power generation, is governed by an Industrial Control System (ICS). Cyber attacks on industrial networks are of growing concern because of the disruption they can cause, leading to loss of revenue, and the possibility of harm to workers, plant and surroundings. Operators therefore need a Network Intrusion Detection System (NIDS) to analyse industrial network traffic in real time for adversarial behaviour. Machine Learning (ML) is applicable to the problem of network intrusion detection. This paper investigates the possibility of training an ML-based NIDS for an ICS (specifically, the well-known Secure Water Treatment testbed) by combining network traffic data and physical process data. In the supplied dataset, data had already been labelled “according to normal and abnormal behaviours”; the labelling of data collected around the start and end of each attack was scrutinized and, where found to be problematic, labelled data were excluded in order to improve the effectiveness of supervised learning. The ML technique of “Learning using Privileged Information” was evaluated and found to be superior to six baseline ML algorithms trained on network traffic data alone.

Original language	English
Title of host publication	19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)
Publisher	IEEE
ISBN (Electronic)	978-1-6654-3838-4
ISBN (Print)	978-1-6654-3839-1
DOIs	https://doi.org/10.1109/ISI53945.2021.9624757
Publication status	Published - 8 Oct 2021
Event	19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI) - San Antonio, Texas, United States Duration: 2 Nov 2021 → 4 Nov 2021 http://www.open-access.bcu.ac.uk/12318/

Conference

Conference	19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)
Country/Territory	United States
City	Texas
Period	2/11/21 → 4/11/21
Internet address	http://www.open-access.bcu.ac.uk/12318/

Bibliographical note

© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

Network Intrusion Detection System
Industrial Control System
machine learning

Access to Document

10.1109/ISI53945.2021.9624757

Cyber_Anomaly_Detection_in_SWaT_Using_Auxiliary_Data_for_IEEE_ISI_2021_CameraReady_
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 1.25 MB

Cite this

@inproceedings{eb313ff270e44e32ae182f58096dea54,

title = "Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information",

abstract = "The continuous operation of an industrial process, such as water treatment or power generation, is governed by an Industrial Control System (ICS). Cyber attacks on industrial networks are of growing concern because of the disruption they can cause, leading to loss of revenue, and the possibility of harm to workers, plant and surroundings. Operators therefore need a Network Intrusion Detection System (NIDS) to analyse industrial network traffic in real time for adversarial behaviour. Machine Learning (ML) is applicable to the problem of network intrusion detection. This paper investigates the possibility of training an ML-based NIDS for an ICS (specifically, the well-known Secure Water Treatment testbed) by combining network traffic data and physical process data. In the supplied dataset, data had already been labelled “according to normal and abnormal behaviours”; the labelling of data collected around the start and end of each attack was scrutinized and, where found to be problematic, labelled data were excluded in order to improve the effectiveness of supervised learning. The ML technique of “Learning using Privileged Information” was evaluated and found to be superior to six baseline ML algorithms trained on network traffic data alone.",

keywords = "Network Intrusion Detection System, Industrial Control System, machine learning",

author = "Moojan Pordelkhaki and Shereen Fouad and Mark Josephs",

note = "{\textcopyright} 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.; 19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI) ; Conference date: 02-11-2021 Through 04-11-2021",

year = "2021",

month = oct,

day = "8",

doi = "10.1109/ISI53945.2021.9624757",

language = "English",

isbn = "978-1-6654-3839-1",

booktitle = "19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)",

publisher = "IEEE",

address = "United States",

url = "http://www.open-access.bcu.ac.uk/12318/",

}

Pordelkhaki, M, Fouad , S & Josephs, M 2021, Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information. in 19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI). IEEE, 19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI), Texas, Texas, United States, 2/11/21. https://doi.org/10.1109/ISI53945.2021.9624757

TY - GEN

T1 - Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information

AU - Pordelkhaki, Moojan

AU - Fouad , Shereen

AU - Josephs, Mark

N1 - © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2021/10/8

Y1 - 2021/10/8

N2 - The continuous operation of an industrial process, such as water treatment or power generation, is governed by an Industrial Control System (ICS). Cyber attacks on industrial networks are of growing concern because of the disruption they can cause, leading to loss of revenue, and the possibility of harm to workers, plant and surroundings. Operators therefore need a Network Intrusion Detection System (NIDS) to analyse industrial network traffic in real time for adversarial behaviour. Machine Learning (ML) is applicable to the problem of network intrusion detection. This paper investigates the possibility of training an ML-based NIDS for an ICS (specifically, the well-known Secure Water Treatment testbed) by combining network traffic data and physical process data. In the supplied dataset, data had already been labelled “according to normal and abnormal behaviours”; the labelling of data collected around the start and end of each attack was scrutinized and, where found to be problematic, labelled data were excluded in order to improve the effectiveness of supervised learning. The ML technique of “Learning using Privileged Information” was evaluated and found to be superior to six baseline ML algorithms trained on network traffic data alone.

AB - The continuous operation of an industrial process, such as water treatment or power generation, is governed by an Industrial Control System (ICS). Cyber attacks on industrial networks are of growing concern because of the disruption they can cause, leading to loss of revenue, and the possibility of harm to workers, plant and surroundings. Operators therefore need a Network Intrusion Detection System (NIDS) to analyse industrial network traffic in real time for adversarial behaviour. Machine Learning (ML) is applicable to the problem of network intrusion detection. This paper investigates the possibility of training an ML-based NIDS for an ICS (specifically, the well-known Secure Water Treatment testbed) by combining network traffic data and physical process data. In the supplied dataset, data had already been labelled “according to normal and abnormal behaviours”; the labelling of data collected around the start and end of each attack was scrutinized and, where found to be problematic, labelled data were excluded in order to improve the effectiveness of supervised learning. The ML technique of “Learning using Privileged Information” was evaluated and found to be superior to six baseline ML algorithms trained on network traffic data alone.

KW - Network Intrusion Detection System

KW - Industrial Control System

KW - machine learning

UR - http://www.isi-conf.org/

U2 - 10.1109/ISI53945.2021.9624757

DO - 10.1109/ISI53945.2021.9624757

M3 - Conference publication

SN - 978-1-6654-3839-1

BT - 19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)

PB - IEEE

T2 - 19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)

Y2 - 2 November 2021 through 4 November 2021

ER -

Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this