6 research outputs found
Ensemble common features technique for lightweight intrusion detection in industrial control system.
The integration of the Industrial Control System (ICS) with corporate intranets and the internet has exposed the previously isolated SCADA system to a wide range of cyberattacks. Interestingly, the vulnerabilities in the Modbus protocol, with which the ICS communicates, make data obfuscation and communication between component entities less secure. In this work, we propose a Common Features Technique (CFT) for Lightweight Intrusion Detection based on an ensembled feature selection approach. Our Common Features Technique, which used fewer features, detected intrusions at the same level as models trained on datasets selected with the information gain, Chi-Squared, and Gini Index feature selection techniques, after fitting Random Forest (RF), Support Vector Machine (SVM), and K-Nearest Neighbour (KNN) models. More importantly, when p-values were computed, the computation time and memory usage of the CFT model were statistically significantly different, at the 95% and 90% Confidence Interval (CI) respectively, when compared to the models built on the other techniques.
Optimized common features selection and deep-autoencoder (OCFSDA) for lightweight intrusion detection in Internet of things.
Embedded systems, including the Internet of Things (IoT), play a crucial role in the functioning of critical infrastructure. However, these devices face significant challenges such as memory footprint, technical challenges, privacy concerns, performance trade-offs and vulnerability to cyber-attacks. One approach to address these concerns is minimising computational overhead and adopting lightweight intrusion detection techniques. In this study, we propose a highly efficient model called Optimized Common Features Selection and Deep-Autoencoder (OCFSDA) for lightweight intrusion detection in IoT environments. The proposed OCFSDA model incorporates feature selection, data compression, pruning and deparameterization. We deployed the model on a Raspberry Pi 4 using the TFLite interpreter, leveraging optimisation and inferencing with semi-supervised learning. Using the MQTT-IoT-IDS2020 and CICIDS2017 datasets, our experimental results demonstrate a remarkable reduction in computation cost in terms of time and memory use. Notably, the model achieved overall average accuracies of 99% and 97%, along with comparable performance on other important metrics such as precision, recall and F1-score. Moreover, the model accomplished the classification tasks within 0.30 s and 0.12 s using only 2 KB of memory.
Enhancing intrusion detection through data perturbation augmentation strategy.
Intrusion data augmentation is an approach used to increase the size of the training data sample to improve the classification capabilities of machine-learning algorithms applied to intrusion detection. In this study, we introduced data perturbation by adding Gaussian noise to the minority class representing the intrusion scenarios. Employing the Divide-Sort, Augment, and Combined (SAC) technique, we performed oversampling on the minority class of two datasets used for training the model. Subsequently, we validated the model, achieving high overall accuracy that indicates reliable intrusion detection. The performance of the model on the perturbed dataset was compared with that of the SMOTE and ROSE data augmentation methods. The results revealed that the perturbation of oversampled data exhibited superior, near-perfect classification compared with the SMOTE and ROSE data augmentation techniques. The effectiveness of the proposed intrusion detection approach has been demonstrated on the BoT-IoT and smart grid imbalanced datasets, previously used for benchmarking.
A comparative study of novelty detection models for zero day intrusion detection in industrial Internet of Things.
The detection of zero-day attacks in the IoT network is a challenging task due to unknown security vulnerabilities. Also, the unavailability of the data makes it difficult to train a machine learning (ML) model on new vulnerabilities. The existing supervised ML-based Intrusion Detection Systems (IDS) are trained to detect only known attacks. On the contrary, the unsupervised ML-based IDSs show a high false-positive rate. In this paper, we experimented with three novelty detection algorithms, One-Class SVM (OCSVM), Local Outlier Factor (LOF), and Isolation Forest (IF), which follow the one-vs-all strategy for zero-day intrusion detection on IoT datasets. The UNSW-NB15 and IoTID20 datasets are considered for the experiment. Experimental results show that OCSVM outperformed the other two models for zero-day intrusion or unseen anomaly detection in the IoT domain.
Effective detection of cyber attack in a cyber-physical power grid system.
Advancement in technology and the adoption of smart devices in the operation of power grid systems have made it imperative to ensure adequate protection for the cyber-physical power grid system against cyber-attacks. This is because contemporary cyber-attack landscapes have made devices' first line of defense (i.e. authentication and authorization) hardly enough to withstand the attacks. To detect these attacks, this paper proposes a detection methodology based on Machine Learning techniques. The dataset used in this experiment was obtained from the synchrophasor measurements and data logs from Snort, simulated control panels and relays of a smart power grid transmission system. After the preprocessing of the dataset, it was scaled and analyzed before fitting the Random Forest, Support Vector Machine, Linear Discriminant Analysis and K-Nearest Neighbor algorithms. The different classifiers were fitted in order to find the algorithm with the best output. Upon the completion of the experiment, the results of the classifiers were tabulated, and the Random Forest model was the most effective, with an accuracy of 92% and a significantly low rate of misclassification. The Random Forest model also shows a high true positive rate, which is critical to the security issue.
Improving intrusion detection through training data augmentation.
Imbalanced classes in datasets are a common problem found in security data. Therefore, several strategies such as class resampling and cost-sensitive training have been proposed to address it. In this paper, we propose a data augmentation strategy to oversample the minority classes in the dataset. Using our Sort-Augment-Combine (SAC) technique, we split the dataset into subsets by class label and then generate synthetic data from each of the subsets. The synthetic data were then used to oversample the minority classes. Upon the completion of the oversampling, the independent classes were combined to form an augmented training dataset for model fitting. Using performance metrics such as accuracy, recall (sensitivity) and true positives (specificity), the models trained on the augmented datasets show an improvement in performance metrics over the original dataset. Similarly, on a binary class dataset, SAC performed optimally, and the combination of SAC and ROSE shows an improvement in overall accuracy, sensitivity and specificity when compared with the performance of the Random Forest model on the original dataset and on the ROSE and SMOTE augmented datasets.