DOI: 10.1109/SOLI.2018.8476769 (research article)

Anomaly Detection Methods for IIoT Networks

Published: 31 July 2018

Abstract

IIoT networks differ from general IT networks such as office or business networks, where many types of applications, protocols and traffic profiles are present and the cyber-security challenges concern protecting data confidentiality and integrity more than network availability. IIoT networks have special features and face unique challenges in defending against cyber-attacks. This paper briefly describes the requirements and challenges in IIoT network security and presents an overview of existing network anomaly detection methods. It further presents other anomaly detection methods that are specifically applicable to IIoT networks, because they exploit the deterministic features of the physical world to detect anomalies in the observed behavior.


Cited By

  • (2022) Online Anomaly Detection of Industrial IoT Based on Hybrid Machine Learning Architecture. Computational Intelligence and Neuroscience, 2022. DOI: 10.1155/2022/8568917. Online publication date: 1-Jan-2022
  • (2022) An Energy-efficient And Trustworthy Unsupervised Anomaly Detection Framework (EATU) for IIoT. ACM Transactions on Sensor Networks, 18:4 (1-18). DOI: 10.1145/3543855. Online publication date: 29-Nov-2022
  • (2022) Emerging Cybersecurity Capability Gaps in the Industrial Internet of Things: Overview and Research Agenda. Digital Threats: Research and Practice, 3:4 (1-27). DOI: 10.1145/3503920. Online publication date: 5-Dec-2022

Published In

2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)
Jul 2018
308 pages

Publisher

IEEE Press
