DOI: 10.1007/978-3-031-70819-0_10
Article

TabGAN-Powered Data Augmentation and Explainable Boosting-Based Ensemble Learning for Intrusion Detection in Industrial Control Systems

Published: 09 September 2024

Abstract

In the era of Industry 4.0, Industrial Control Systems (ICS) play a crucial role, making the detection of cyber attacks on them both vital and challenging. This study presents TDAELID, a method designed to improve cyber attack detection on the IEC 60870-5-104 protocol, which is widely used in ICS. TDAELID employs TabGAN to generate realistic samples for minority classes and a clustering approach to select representative samples from majority classes, improving the quality of the training set. It also uses a weighted ensemble of multiple AI models running concurrently to improve intrusion detection effectiveness. Evaluation on the IEC 60870-5-104 Intrusion Detection Dataset shows that TDAELID outperforms state-of-the-art methods, achieving 85.44% detection accuracy and an 84.88% F1 score.

Published In

Computational Collective Intelligence: 16th International Conference, ICCCI 2024, Leipzig, Germany, September 9–11, 2024, Proceedings, Part II
Sep 2024
414 pages
ISBN: 978-3-031-70818-3
DOI: 10.1007/978-3-031-70819-0
Editors: Ngoc Thanh Nguyen, Bogdan Franczyk, André Ludwig, Manuel Núñez, Jan Treur, Gottfried Vossen, Adrianna Kozierkiewicz

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Explainable Artificial Intelligence
  2. Data Augmentation
  3. Intrusion Detection
  4. Industrial Control System

Qualifiers

  • Article
