A Process-Informed Approach to Network Intrusion Detection for Cyber Physical Systems

16 Pages Posted: 14 Feb 2024

Moojan Pordelkhaki

Birmingham City University

Junaid Arshad

Birmingham City University

Shereen Fouad

Aston University

Mark Josephs

Birmingham City University

Abstract

Research into the application of machine learning techniques to the problem of network intrusion detection is important for the effective automation of cyber security. In the setting of Cyber Physical Systems, cyber-attacks compromise physical processes, affecting the normal function of critical assets. Our hypothesis is that training machine learning algorithms on a dataset that combines network traffic data with physical process data can improve network intrusion detection performance. Specifically, our Process-Informed Network Intrusion Detection for Cyber Physical Systems (PINIDS) framework deploys the Learning Using Privileged Information (LUPI) paradigm for training a supervised Network Intrusion Detection model that is infused with network and process data in the learning phase and operates on network data alone at run-time. The PINIDS framework has been evaluated using the SWaT dataset against brute force and unauthorised command message attacks, and using LUPI machine learning techniques including SVM+, Margin Transfer, Transfer Learning, and Distillation. The experiments showed an improved balance between precision and recall, increasing detection accuracy while minimizing false positives and false negatives. Specifically, the F1-measure improved significantly, by 21.47%, when using the SVM+ algorithm, and the distilled DNN model showed an average improvement of 12.23% in F1-measure compared with other models.

Keywords: Network Intrusion Detection System, Cyber Physical Systems, Industrial Control Systems, Embedded Systems, Machine Learning, Learning Using Privileged Information, Cyber Security

Suggested Citation

Pordelkhaki, Moojan and Arshad, Junaid and Fouad, Shereen and Josephs, Mark, A Process-Informed Approach to Network Intrusion Detection for Cyber Physical Systems. Available at SSRN: https://ssrn.com/abstract=4725855 or http://dx.doi.org/10.2139/ssrn.4725855

Moojan Pordelkhaki (Contact Author)

Birmingham City University

School of Social Sciences
City North Campus
Birmingham, B42 2SU
United Kingdom

Junaid Arshad

Birmingham City University

School of Social Sciences
City North Campus
Birmingham, B42 2SU
United Kingdom

Shereen Fouad

Aston University

Aston Triangle
Birmingham, B4 7ET
United Kingdom

Mark Josephs

Birmingham City University

School of Social Sciences
City North Campus
Birmingham, B42 2SU
United Kingdom
