Premium
Unsupervised and incremental learning orchestration for cyber‐physical security
Author(s) -
Reis Lúcio Henrik A.,
Murillo Piedrahita Andrés,
Rueda Sandra,
Fernandes Natália C.,
Medeiros Dianne S. V.,
Amorim Marcelo Dias,
Mattos Diogo M. F.
Publication year - 2020
Publication title -
transactions on emerging telecommunications technologies
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.366
H-Index - 47
ISSN - 2161-3915
DOI - 10.1002/ett.4011
Subject(s) - testbed , computer science , cyber physical system , orchestration , unsupervised learning , artificial intelligence , field (mathematics) , control (management) , actuator , machine learning , class (philosophy) , incremental learning , computer security , computer network , art , musical , mathematics , pure mathematics , visual arts , operating system
Attacks on cyber‐physical systems, such as nuclear and water treatment plants, have physical consequences that impact the lives of thousands of citizens. In such systems, it is mandatory to monitor the field network and detect potential threats before a problem occurs. This work proposes a hybrid approach that orchestrates unsupervised and incremental learning methods to detect threats that impact the control loops in a plant. We use online data processing to identify new attack vectors. We train the online incremental learning method as new attacks arrive. We also apply a one‐class support vector machine to each monitored sensor or actuator to retrieve abnormal behaviors of their closed control loop. The proposed solution orchestrates the outputs from the two machine learning methods and alerts the system operators when it detects a threat. We evaluate the proposal on the Secure Water Treatment testbed dataset, and the results reveal that our proposal detects threats at more than 90% precision and with accuracy higher than 95%.