Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods

Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.

Detailed description

Saved in:
Bibliographic details
Published in: Electronics (Basel) 2022-03, Vol.11 (6), p.867
Main authors: Kwon, Hee-Yong, Kim, Taesic, Lee, Mun-Kyu
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue 6
container_start_page 867
container_title Electronics (Basel)
container_volume 11
creator Kwon, Hee-Yong
Kim, Taesic
Lee, Mun-Kyu
description Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.
doi_str_mv 10.3390/electronics11060867
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2642367634</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2642367634</sourcerecordid><originalsourceid>FETCH-LOGICAL-c322t-bcf0e4090d8cbbdfb16dd8dcef9c9f7a1f73d03b59edb1c8f424404d9561a2c23</originalsourceid><addsrcrecordid>eNptkEtLAzEUhYMoWGp_gZsB16N5NTNZtvVVqLhQVy5Cnm1Km9QkU_DfO6UFXXg393D57jlwALhG8JYQDu_sxuqSYvA6IwQZbFlzBgYYNrzmmOPzP_oSjHJew344Ii2BA_A5MXsZtDXVPJTUZR9DdW9L73hQs7hVPviwrN78MsjSJVtPZe5pGUw1tSu59zGdTr9vL7asoslX4MLJTbaj0x6Cj8eH99lzvXh9ms8mi1oTjEuttIOWQg5Nq5UyTiFmTGu0dVxz10jkGmIgUWNujUK6dRRTCqnhY4Yk1pgMwc3Rd5fiV2dzEevYpdBHCswoJqxhhPYUOVI6xZyTdWKX_Famb4GgOBQp_imS_AABBGsZ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2642367634</pqid></control><display><type>article</type><title>Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods</title><source>MDPI - Multidisciplinary Digital Publishing Institute</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Kwon, Hee-Yong ; Kim, Taesic ; Lee, Mun-Kyu</creator><creatorcontrib>Kwon, Hee-Yong ; Kim, Taesic ; Lee, Mun-Kyu</creatorcontrib><description>Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. 
We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.</description><identifier>ISSN: 2079-9292</identifier><identifier>EISSN: 2079-9292</identifier><identifier>DOI: 10.3390/electronics11060867</identifier><language>eng</language><publisher>Basel: MDPI AG</publisher><subject>Anomalies ; Communication networks ; Control systems ; Cybersecurity ; Data encryption ; Datasets ; Industrial electronics ; Internet of Things ; Machine learning ; Malware ; Methods ; Nuclear power plants ; Performance evaluation ; Ransomware ; Time series ; Water treatment ; Windows (intervals)</subject><ispartof>Electronics (Basel), 2022-03, Vol.11 (6), p.867</ispartof><rights>2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). 
Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c322t-bcf0e4090d8cbbdfb16dd8dcef9c9f7a1f73d03b59edb1c8f424404d9561a2c23</citedby><cites>FETCH-LOGICAL-c322t-bcf0e4090d8cbbdfb16dd8dcef9c9f7a1f73d03b59edb1c8f424404d9561a2c23</cites><orcidid>0000-0003-4423-7467 ; 0000-0001-6392-1446 ; 0000-0003-1517-6925</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Kwon, Hee-Yong</creatorcontrib><creatorcontrib>Kim, Taesic</creatorcontrib><creatorcontrib>Lee, Mun-Kyu</creatorcontrib><title>Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods</title><title>Electronics (Basel)</title><description>Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. 
We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.</description><subject>Anomalies</subject><subject>Communication networks</subject><subject>Control systems</subject><subject>Cybersecurity</subject><subject>Data encryption</subject><subject>Datasets</subject><subject>Industrial electronics</subject><subject>Internet of Things</subject><subject>Machine learning</subject><subject>Malware</subject><subject>Methods</subject><subject>Nuclear power plants</subject><subject>Performance evaluation</subject><subject>Ransomware</subject><subject>Time series</subject><subject>Water treatment</subject><subject>Windows 
(intervals)</subject><issn>2079-9292</issn><issn>2079-9292</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNptkEtLAzEUhYMoWGp_gZsB16N5NTNZtvVVqLhQVy5Cnm1Km9QkU_DfO6UFXXg393D57jlwALhG8JYQDu_sxuqSYvA6IwQZbFlzBgYYNrzmmOPzP_oSjHJew344Ii2BA_A5MXsZtDXVPJTUZR9DdW9L73hQs7hVPviwrN78MsjSJVtPZe5pGUw1tSu59zGdTr9vL7asoslX4MLJTbaj0x6Cj8eH99lzvXh9ms8mi1oTjEuttIOWQg5Nq5UyTiFmTGu0dVxz10jkGmIgUWNujUK6dRRTCqnhY4Yk1pgMwc3Rd5fiV2dzEevYpdBHCswoJqxhhPYUOVI6xZyTdWKX_Famb4GgOBQp_imS_AABBGsZ</recordid><startdate>20220301</startdate><enddate>20220301</enddate><creator>Kwon, Hee-Yong</creator><creator>Kim, Taesic</creator><creator>Lee, Mun-Kyu</creator><general>MDPI AG</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L7M</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><orcidid>https://orcid.org/0000-0003-4423-7467</orcidid><orcidid>https://orcid.org/0000-0001-6392-1446</orcidid><orcidid>https://orcid.org/0000-0003-1517-6925</orcidid></search><sort><creationdate>20220301</creationdate><title>Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods</title><author>Kwon, Hee-Yong ; Kim, Taesic ; Lee, 
Mun-Kyu</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c322t-bcf0e4090d8cbbdfb16dd8dcef9c9f7a1f73d03b59edb1c8f424404d9561a2c23</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Anomalies</topic><topic>Communication networks</topic><topic>Control systems</topic><topic>Cybersecurity</topic><topic>Data encryption</topic><topic>Datasets</topic><topic>Industrial electronics</topic><topic>Internet of Things</topic><topic>Machine learning</topic><topic>Malware</topic><topic>Methods</topic><topic>Nuclear power plants</topic><topic>Performance evaluation</topic><topic>Ransomware</topic><topic>Time series</topic><topic>Water treatment</topic><topic>Windows (intervals)</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Kwon, Hee-Yong</creatorcontrib><creatorcontrib>Kim, Taesic</creatorcontrib><creatorcontrib>Lee, Mun-Kyu</creatorcontrib><collection>CrossRef</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Advanced Technologies &amp; Aerospace Database</collection><collection>ProQuest Advanced Technologies &amp; Aerospace Collection</collection><collection>Access via ProQuest (Open 
Access)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><jtitle>Electronics (Basel)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Kwon, Hee-Yong</au><au>Kim, Taesic</au><au>Lee, Mun-Kyu</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods</atitle><jtitle>Electronics (Basel)</jtitle><date>2022-03-01</date><risdate>2022</risdate><volume>11</volume><issue>6</issue><spage>867</spage><pages>867-</pages><issn>2079-9292</issn><eissn>2079-9292</eissn><abstract>Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. 
According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.</abstract><cop>Basel</cop><pub>MDPI AG</pub><doi>10.3390/electronics11060867</doi><orcidid>https://orcid.org/0000-0003-4423-7467</orcidid><orcidid>https://orcid.org/0000-0001-6392-1446</orcidid><orcidid>https://orcid.org/0000-0003-1517-6925</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2079-9292
ispartof Electronics (Basel), 2022-03, Vol.11 (6), p.867
issn 2079-9292
2079-9292
language eng
recordid cdi_proquest_journals_2642367634
source MDPI - Multidisciplinary Digital Publishing Institute; EZB-FREE-00999 freely available EZB journals
subjects Anomalies
Communication networks
Control systems
Cybersecurity
Data encryption
Datasets
Industrial electronics
Internet of Things
Machine learning
Malware
Methods
Nuclear power plants
Performance evaluation
Ransomware
Time series
Water treatment
Windows (intervals)
title Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T20%3A27%3A23IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Advanced%20Intrusion%20Detection%20Combining%20Signature-Based%20and%20Behavior-Based%20Detection%20Methods&rft.jtitle=Electronics%20(Basel)&rft.au=Kwon,%20Hee-Yong&rft.date=2022-03-01&rft.volume=11&rft.issue=6&rft.spage=867&rft.pages=867-&rft.issn=2079-9292&rft.eissn=2079-9292&rft_id=info:doi/10.3390/electronics11060867&rft_dat=%3Cproquest_cross%3E2642367634%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2642367634&rft_id=info:pmid/&rfr_iscdi=true