Abstract
Industrial control systems (ICSs) are integral parts of smart cities and critical to modern societies. Despite indisputable opportunities introduced by disruptor technologies, they proliferate the cybersecurity threat landscape, which is increasingly more hostile. The quantum of sensors utilized by ICS
aided by artificial intelligence (AI) enables data collection capabilities to facilitate automation, process streamlining, and cost reduction. However, apart from the operational use, the sensors generated data combined with AI can be innovatively utilized to model anomalous behavior as part of layered security to increase resilience to cyberattacks. We introduce a framework to profile
anomalous behavior in ICS and derive a cyber-risk score. A novel super learner ensemble for one-class classification is developed, using overlapping rolling windows with stratified, k-fold, n-repeat cross-validation applied to each base learner followed by majority voting to derive the best learner. Our approach is demonstrated on a liquid distribution sensor data set. The experimental results reveal that the proposed technique achieves an overall F1-score of 99.13%, an anomalous recall score of 99% detecting anomalies lasting only 17 s. The key strength of the framework is the low computational complexity and error rate. The framework is modular, generic, applicable to other ICS, and transferable to other smart city sectors.
aided by artificial intelligence (AI) enables data collection capabilities to facilitate automation, process streamlining, and cost reduction. However, apart from the operational use, the sensors generated data combined with AI can be innovatively utilized to model anomalous behavior as part of layered security to increase resilience to cyberattacks. We introduce a framework to profile
anomalous behavior in ICS and derive a cyber-risk score. A novel super learner ensemble for one-class classification is developed, using overlapping rolling windows with stratified, k-fold, n-repeat cross-validation applied to each base learner followed by majority voting to derive the best learner. Our approach is demonstrated on a liquid distribution sensor data set. The experimental results reveal that the proposed technique achieves an overall F1-score of 99.13%, an anomalous recall score of 99% detecting anomalies lasting only 17 s. The key strength of the framework is the low computational complexity and error rate. The framework is modular, generic, applicable to other ICS, and transferable to other smart city sectors.
Original language | English |
---|---|
Pages (from-to) | 13279-13297 |
Journal | IEEE Internet of Things Journal |
Volume | 9 |
Issue number | 15 |
Early online date | 18 Jan 2022 |
DOIs | |
Publication status | Published - 1 Aug 2022 |
Bibliographical note
Copyright © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Keywords
- machine learning
- cyber-physical systems
- cyber security
- digital forensic and incident response
- supervisory control and data acquisition
- SCADA
- programmable logic controllers
- PLC
- human machine interface
- HMI
- industry 4.0
- internet of things
- smart city
- insider threat
- cyber resilience