An Intrusion Anomaly Detection Approach to Mitigate Sensor Attacks on Mechatronics Systems
Related papers
Internet of Drones Intrusion Detection Using Deep Learning
Electronics
Flying Ad Hoc Network (FANET) or drones’ technologies have gained much attraction in the last few years due to their critical applications. Therefore, various studies have been conducted on facilitating FANET applications in different fields. In fact, civil airspaces have gradually adopted FANET technology in their systems. However, FANET’s special roles made it complex to support emerging security threats, especially intrusion detection. This paper is a step forward towards the advances in FANET intrusion detection techniques. It investigates FANET intrusion detection threats by introducing a real-time data analytics framework based on deep learning. The framework consists of Recurrent Neural Networks (RNN) as a base. It also involves collecting data from the network and analyzing it using big data analytics for anomaly detection. The data collection is performed through an agent working inside each FANET. The agent is assumed to log the FANET real-time information. In addition, it...
IRJET, 2021
ECUs are critical components that play a critical role in an automotive system. Attacks from external attackers and abnormal behavior on ECUs can breach automotive security and harm end users. An Anomaly Detection System (ADS) should be able to detect such behaviors and act accordingly without any delay. AI is widely used for ADS in vehicle networks. The black-box attack is a popular and efficient attack on ADS, which does not require knowledge of the deep learning model used in the ADS, the model's internal details, or the model's training data. In this paper, we first propose an efficient anomaly detection system, which uses an optimized method to adopt a Long Short-Term Memory (LSTM) deep learning model for the ADS in an in-vehicle network. We tuned the existing parameters of the LSTM model and optimized the proposed model by using the characteristics of a dataset from a practical in-vehicle network. Second, we propose a black-box attack on the LSTM-based ADS, which requires only a small test dataset to train a new victim model. We were able to build a victim model that leads to the wrong interpretation within 50 man-hours. It proves that the community should focus on how to protect the system in future work, not only on how to build an efficient ADS.
DronLomaly: Runtime Log-based Anomaly Detector for DJI Drones
2024
We present an automated tool for realtime detection of anomalous behaviors while a DJI drone is executing a flight mission. The tool takes sensor data logged by the drone at fixed time intervals and performs anomaly detection using a Bi-LSTM model. The model is trained on baseline flight logs from a successful mission physically or via a simulator. The tool has two modules: the first module is responsible for sending the log data to the remote controller station, and the second module is run as a service in the remote controller station powered by a Bi-LSTM model, which receives the log data and produces visual graphs showing the realtime flight anomaly statuses with respect to various sensor readings on a dashboard. We have successfully evaluated the tool on three datasets including industrial test scenarios. DronLomaly is released as an open-source tool on GitHub [10], and the demo video can be found at [17]. CCS Concepts: • Security and privacy → Intrusion/anomaly detection and malware mitigation; • Computer systems organization → Embedded and cyber-physical systems.
International Journal of Electrical and Computer Engineering (IJECE), 2024
Cyber-physical systems (CPSs), a type of computing system integrated with physical devices, are widely used in many areas such as manufacturing, traffic control, and energy. The integration of CPS and networks has expanded the range of cyber threats. Intrusion detection systems (IDSs) use signature-based and machine-learning-based techniques to protect networks against threats in CPSs. Water purifying plants are among the important CPSs. In this context, some research uses a dataset obtained from secure water treatment (SWaT), an operational water treatment testbed. These works usually focus solely on the sensory dataset and omit the analysis of the network dataset, or they focus on network information and omit sensory data. In this paper we work on both datasets. We have created IDSs using five traditional machine learning techniques (decision tree, support vector machine (SVM), random forest, naïve Bayes, and artificial neural network) along with two deep methods (deep neural network and convolutional neural network). We experimented with IDSs on three different datasets obtained from SWaT, including network data, sensory data, and Modbus data. The accuracies of the proposed methods show higher values on all datasets, especially on sensory (99.9%) and Modbus data (95%), and the superiority of random forest and deep learning methods compared to others.
IRJET- Network Intrusion Detection using Recurrent Neural Network Algorithm
IRJET, 2020
The Internet is a platform widely used nowadays by people across the world. This has led to advancement in science and technology. Many surveys conclude that network intrusion has registered a consistent increase, has led to personal privacy theft, and has become a major platform for attack in recent years. Network intrusion is unauthorized activity on a computer network. Hence there is a need to develop an effective intrusion detection system. The proposed system introduces an intrusion detection system that uses an improved recurrent neural network (RNN) to detect the type of intrusion. The proposed system also shows a comparison between an intrusion detection system that uses other machine learning algorithms while using a smaller subset of the KDD-99 dataset with a thousand instances and the KDD-99 dataset.
Recurrent Neural Network Architectures Toward Intrusion Detection
2018
Recurrent Neural Networks (RNN) show a remarkable result in sequence learning, particularly in architectures with gated unit structures such as Long Short-term Memory (LSTM). In recent years, several permutations of LSTM architecture have been proposed mainly to overcome the computational complexity of LSTM. In this dissertation, a novel study is presented that will empirically investigate and evaluate LSTM architecture variants such as Gated Recurrent Unit (GRU), Bi-Directional LSTM, and Dynamic-RNN for LSTM and GRU specifically on detecting network intrusions. The investigation is designed to identify the learning time required for each architecture algorithm and to measure the intrusion prediction accuracy. RNN was evaluated on the DARPA/KDD Cup’99 intrusion detection dataset for each architecture. Feature selection mechanisms were also implemented to help in identifying and removing nonessential variables from data that do not affect the accuracy of the prediction models, in thi...
Evaluation of Recurrent Neural Network and its Variants for Intrusion Detection System (IDS)
International Journal of Information System Modeling and Design, 2017
This article describes how sequential data modeling is a relevant task in Cybersecurity. Sequences are attributed temporal characteristics either explicitly or implicitly. Recurrent neural networks (RNNs) are a subset of artificial neural networks (ANNs) which have appeared as a powerful, principled approach to learn dynamic temporal behaviors in an arbitrary length of large-scale sequence data. Furthermore, stacked recurrent neural networks (S-RNNs) have the potential to learn complex temporal behaviors quickly, including sparse representations. To leverage this, the authors model network traffic as a time series, particularly transmission control protocol / internet protocol (TCP/IP) packets in a predefined time range with a supervised learning method, using millions of known good and bad network connections. To find out the best architecture, the authors complete a comprehensive review of various RNN architectures with its network parameters and network structures. Ideally, as a t...
arXiv (Cornell University), 2022
The increasing deployment of low-cost industrial IoT (IIoT) sensor platforms on industrial assets enables great opportunities for anomaly classification in industrial plants. The performance of such a classification model depends highly on the available training data. Models perform well when the training data comes from the same machine. However, as soon as the machine is changed, repaired, or put into operation in a different environment, the prediction often fails. For this reason, we investigate whether it is feasible to have a robust and transferable method for AI based anomaly classification using different models and pre-processing steps on centrifugal pumps which are dismantled and put back into operation in the same as well as in different environments. Further, we investigate the model performance on different pumps from the same type compared to those from the training data.
Recent Advances in Anomaly Detection Methods applied to Aviation
Anomaly detection is an active area of research with numerous methods and applications. This survey reviews the state-of-the-art of data-driven anomaly detection techniques and their application to the aviation domain. After a brief introduction to the main traditional data-driven methods for anomaly detection, we review the recent advances in the area of neural networks, deep learning and temporal-logic based learning. We cover especially unsupervised techniques applicable to time series data because of their relevance to the aviation domain, where the lack of labeled data is the most usual case, and the nature of flight trajectories and sensor data is sequential, or temporal. The advantages and disadvantages of each method are presented in terms of computational efficiency and detection efficacy. The second part of the survey explores the application of anomaly detection techniques to aviation and their contributions to the improvement of the safety and performance of flight o...
Intrusion detection system using artificial intelligence for internal messages of robotic cars
Nucleation and Atmospheric Aerosols, 2022
Modern cars have proven to be susceptible to attacks by security researchers through physical and remote access to the cars' internal network. They can access a Controller Area Network (CAN), a bus communication protocol that defines a standard for effective and reliable transmission with the Electronic Control Units (ECUs) in cars. The CAN bus has some vulnerabilities that permit intruders to control the car, for example preventing the engine from working or cutting the brakes by injecting fabricated messages. However, the line of protection is monitoring and detecting malicious behavior on the CAN bus to reduce these risks. A security approach is suggested that depends on unsupervised learning, such as k-means, and supervised learning, such as Artificial Neural Networks (ANN), to enhance and protect the CAN bus of autonomous cars. The features are evaluated to measure their discrimination ability between classes and to select the best existing features. A real dataset shows that the suggested schema provides a low false ratio of 0.1% and an error rate of 0.6% with an average accuracy of 87.63%.