ENG Vol.13 No.1, January 2021
Review of Anomaly Detection Systems in Industrial Control Systems Using Deep Feature Learning Approach
Abstract: Industrial Control Systems (ICS) or SCADA networks are increasingly targeted by cyber-attacks as their architectures have shifted from proprietary hardware, software and protocols to standard and open-source ones. Furthermore, these systems, which used to be isolated, are now interconnected with corporate networks and the Internet. Among the countermeasures to mitigate the threats, anomaly detection systems play an important role as they can help detect even unknown attacks. Deep learning, which has gained great attention in the last few years due to excellent results in image, video and natural language processing, is being used for anomaly detection in information security, particularly in SCADA networks. The salient features of the data from SCADA networks are learnt as a hierarchical representation using deep architectures, and those learnt features are used to classify the data as normal or anomalous. This article is a review of various architectures such as Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Stacked Autoencoder (SAE), Long Short Term Memory (LSTM), or a combination of those architectures, for anomaly detection in SCADA networks.
Cite this paper: Kabore, R., Kouassi, A., N’goran, R., Asseu, O., Kermarrec, Y. and Lenca, P. (2021) Review of Anomaly Detection Systems in Industrial Control Systems Using Deep Feature Learning Approach. Engineering, 13, 30-44. doi: 10.4236/eng.2021.131003.
