Research Article

Endüstriyel Kontrol Sistemlerinde Yenilikçi Anomali Tespit Sistemlerinin İncelenmesi

Year 2023, Volume: 5 Issue: 1, 34 - 46, 30.04.2023
https://doi.org/10.46387/bjesr.1230141

Abstract

Industrial Control Systems (ICS) or SCADA networks are becoming targets of cyber attacks as their architectures shift from proprietary hardware, software, and protocols to standard and open-source ones. Large-scale sensor data makes it possible to continuously monitor abnormal conditions and cyber-attack events. Existing unsupervised machine learning approaches have not fully exploited the spatio-temporal correlation and other dependencies among the sensors in the system to detect anomalies. This article reviews approaches that use various architectures, such as Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Stacked Autoencoders (SAE), and Long Short-Term Memory, to detect anomalies in SCADA networks. In addition to reviewing these methods, the article presents in detail an unsupervised multivariate anomaly detection method based on Generative Adversarial Networks (GANs) that uses Long Short-Term Memory Recurrent Neural Networks (LSTM-RNN) as the base models (i.e., the generator and the discriminator).


Investigation of Innovative Anomaly Detection Systems in Industrial Control Systems

Abstract

Industrial Control Systems (ICS) or SCADA networks are becoming targets of cyber-attacks as their architectures move from proprietary hardware, software, and protocols to standard and open sources. Large-scale sensor data allows anomalies and cyber-attack events to be monitored continuously. Current unsupervised machine learning approaches have not fully exploited the spatiotemporal correlation and other dependencies between sensors in the system to detect anomalies. This article reviews approaches that use various architectures, such as Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Stacked Autoencoder (SAE), and Long Short-Term Memory, to detect anomalies in SCADA networks. In addition to reviewing these methods, the article presents an unsupervised multivariate anomaly detection method based on Generative Adversarial Networks (GANs) that uses Long Short-Term Memory Recurrent Neural Networks (LSTM-RNN) as the basic models (i.e., generator and discriminator).


Details

Primary Language: Turkish
Subjects: Artificial Intelligence
Section: Research Articles
Authors

Kerem Çınar 0000-0002-6098-5521

Murat İskefiyeli 0000-0002-8210-5070

Publication Date: April 30, 2023
Published in Issue: Year 2023, Volume: 5, Issue: 1

Cite

APA Çınar, K., & İskefiyeli, M. (2023). Endüstriyel Kontrol Sistemlerinde Yenilikçi Anomali Tespit Sistemlerinin İncelenmesi. Mühendislik Bilimleri Ve Araştırmaları Dergisi, 5(1), 34-46. https://doi.org/10.46387/bjesr.1230141