A KAUST team has developed an improved method for detecting malicious intrusions

Feting Blue

Internet-based industrial control systems are increasingly being used to monitor and manage factories and critical infrastructure. Shifting these systems online has made them much more accessible and affordable. However, it has also rendered them more susceptible to attack. This risk is growing in tandem with the increasing deployment of Internet of Things (IoT) technology.

The Internet of Things (IoT) refers to physical items (or groups of such objects) that are equipped with sensors, computing power, software, and other technologies that allow them to connect and exchange data with other devices and systems over the Internet or other communication networks.

Due to the unique characteristics of industrial control systems, conventional security solutions such as firewalls and antivirus software are not suitable for securing them. Because of the sheer complexity of these systems, even the most effective algorithms cannot pick out the strange events that indicate an intrusion.

The phrase "industrial control system" (ICS) refers to a group of control systems and related instrumentation that includes the devices, systems, networks, and controls used to run and/or automate industrial processes. Depending on the industry, each ICS has a specific role and is designed to facilitate the effective management of duties through electronic means.

A KAUST team, including Fouzi Harrou, Wu Wang, and Ying Sun, has developed a better approach for detecting hostile intrusions on industrial control systems. There may be natural explanations for system activity that seems suspicious, such as a power surge or a series of circuit breaker failures. In addition, advanced cyber attackers may be adept at blending into the background.

Deep learning, a form of machine learning, has been shown to be much more effective than previous methods at spotting complicated patterns of the sort mentioned above.

Deep learning is based on neural networks, which are taught rather than programmed. Instead of inputting programmed instructions, its developers present the deep learning model with various instances to learn from, allowing it to improve in accuracy with every step.

With the help of Mississippi State University's Critical Infrastructure Protection Center, Ying Sun's team built and tested five distinct deep learning models on data consisting of publicly accessible simulations of various attacks on power systems and gas pipelines, such as packet injection and distributed denial of service (DDoS). The deep learning models' capacity to identify intrusions was evaluated against current state-of-the-art methods. Each deep learning model scored between 97 and 99 percent accuracy, whereas the top algorithms were often between 80 and 90 percent.

Stacking all five deep learning models resulted in a 99.9 percent accuracy rate. Stacking is the process of combining the findings of all five models and calculating their average...

"We tried stacking two models, then three, four, and five until we got the precision we needed," Harrou explains.

National governments currently see cyber warfare as a severe security danger. The team's stacking deep learning approach promises to be adequate protection in this area.


Wang, W., Harrou, F., Bouyeddou, B. et al. A stacked deep learning approach to cyber-attacks detection in industrial systems: application to power system and gas pipeline systems. Cluster Comput (2021). https://doi.org/10.1007/s10586-021-03426-w
