Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information

Moojan Pordelkhaki, Shereen Fouad , Mark Josephs

    Research output: Chapter in Book/Published conference outputConference publication

    Abstract

    The continuous operation of an industrial process, such as water treatment or power generation, is governed by an Industrial Control System (ICS). Cyber attacks on industrial networks are of growing concern because of the disruption they can cause, leading to loss of revenue, and the possibility of harm to workers, plant and surroundings. Operators therefore need a Network Intrusion Detection System (NIDS) to analyse industrial network traffic in real time for adversarial behaviour. Machine Learning (ML) is applicable to the problem of network intrusion detection. This paper investigates the possibility of training an ML-based NIDS for an ICS (specifically, the well-known Secure Water Treatment testbed) by combining network traffic data and physical process data. In the supplied dataset, data had already been labelled “according to normal and abnormal behaviours”; the labelling of data collected around the start and end of each attack was scrutinized and, where found to be problematic, labelled data were excluded in order to improve the effectiveness of supervised learning. The ML technique of “Learning using Privileged Information” was evaluated and found to be superior to six baseline ML algorithms trained on network traffic data alone.
    Original languageEnglish
    Title of host publication19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)
    PublisherIEEE
    ISBN (Electronic)978-1-6654-3838-4
    ISBN (Print)978-1-6654-3839-1
    DOIs
    Publication statusPublished - 8 Oct 2021
    Event19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI) - San Antonio, Texas, United States
    Duration: 2 Nov 20214 Nov 2021
    http://www.open-access.bcu.ac.uk/12318/

    Conference

    Conference19th Annual IEEE International Conference on Intelligence and Security Informatics (ISI)
    Country/TerritoryUnited States
    CityTexas
    Period2/11/214/11/21
    Internet address

    Bibliographical note

    © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Keywords

    • Network Intrusion Detection System
    • Industrial Control System
    • machine learning

    Fingerprint

    Dive into the research topics of 'Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information'. Together they form a unique fingerprint.

    Cite this