Browsing by Subject "Anomaly detection"

Now showing 1 - 4 of 4
  • Thumbnail Image
    Publication
    Open Access
    An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios
    (Wiley Open Access, 2023-05-09) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; Huertas Celdrán, Alberto; García Clemente, Félix J.; Ingeniería y Tecnología de Computadores
    When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black-box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi-supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi-supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1-score of 0.9711.
  • Thumbnail Image
    Publication
    Open Access
    SafeMan: a unified framework to manage cybersecurity and safety in manufacturing industry
    (Wiley, 2020-08-06) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; Huertas Celdrán, Alberto; García Clemente, Félix J.; Gil Pérez, Manuel; Martínez Pére, Gregorio; Ingeniería y Tecnología de Computadores
    Industrial control systems (ICS) are considered cyber-physical systems that join both cyber and physical worlds. Due to their tight interaction, where humans and robots co-work and co-inhabit in the same workspaces and production lines, cyber-attacks targeting ICS can alter production processes and even bypass safety procedures. As an example, these cyber-attacks could interrupt physical industrial processes and cause potential injuries to workers. In this article, we present SafeMan, a unified management framework based on the Edge Computing paradigm that provides high-performance applications for the detection and mitigation of both cyber-attacks and safety threats in industrial scenarios. Three use cases show specific threats in manufacturing as well as the SafeMan actions carried out to detect and mitigate them. In order to validate our proposal, a pool of experiments was performed with Electra, an industrial dataset with normal network traffic and different cyber-attacks by using a given number of Modbus TCP and S7Comm devices. The experiments measured the runtime performance of anomaly detection techniques based on machine learning and deep learning to detect cyber-attacks in control networks. The experimental results show that Neural Networks report the best performance, being able to examine 217 feature vectors per second over Electra, and therefore demonstrating that it can be used as detection model for SafeMan in real scenarios.
  • Thumbnail Image
    Publication
    Open Access
    SUSAN: a deep learning based anomaly detection framework for sustainable industry
    (2023-01-05) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; Huertas Celdrán, Alberto; García Clemente, Félix J.; Ingeniería y Tecnología de Computadores; Elsevier
    Nowadays, sustainability is the core of green technologies, being a critical aspect in many industries concerned with reducing carbon emissions and energy consumption optimization. While this concern increases, the number of cyberattacks causing sustainability issues in industries also grows. These cyberattacks impact industrial systems that control and monitor the right functioning of processes and systems. Furthermore, they are very specialized, requiring knowledge about the target industrial processes, and being undetectable for traditional cybersecurity solutions. To overcome this challenge, we present SUSAN, a Deep Learning-based framework, to build anomaly detectors that expose cyberattacks affecting the sustainability of industrial systems. SUSAN follows a modular and flexible design that allows the ensembling of several detectors to achieve more precise detections. To demonstrate the feasibility of SUSAN, we implemented the framework in a water treatment plant using the SWaT testbed. The experiments performed achieved the best recall rate (0.910) and acceptable precision (0.633), resulting in an F1-score of 0.747. Regarding individual cyberattacks that impact the system’s sustainability, our implementation detected all of them, and, concerning the related work, it achieved the most balanced results, with 0.64 as the worst recall rate. Finally, a false-positive rate of 0.000388 makes our solution feasible in real scenarios.
  • Thumbnail Image
    Publication
    Open Access
    VAASI: Crafting valid and abnormal adversarial samples for anomaly detection systems in industrial scenarios
    (Elsevier, 2023-12) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; Huertas Celdrán, Alberto; García Clemente, Félix J.; Ingeniería y Tecnología de Computadores
    In the realm of industrial anomaly detection, machine and deep learning models face a critical vulnerability to adversarial attacks. In this context, existing attack methodologies primarily target continuous features, often in the context of images, making them unsuitable for the categorical or discrete features prevalent in industrial systems. To fortify the cybersecurity of industrial environments, this paper introduces a groundbreaking adversarial attack approach tailored to the unique demands of these settings. Our novel technique enables the creation of targeted adversarial samples that are valid within the framework of supervised cyberattack detection models in industrial scenarios, preserving the consistency of discrete values and correcting cases where an adversarial sample transitions into a normal one. Our approach leverages the SHAP interpretability method to identify the most salient features for each sample. Subsequently, the Projected Gradient Descent technique is employed to perturb continuous features, ensuring adversarial sample generation. To handle categorical features for a specific adversarial sample, our method scrutinizes the closest sample within the normal training dataset and replicates its categorical feature values. Additionally, Decision Trees trained within a Random Forest are utilized to ensure that the resulting adversarial samples maintain the essential abnormal behavior required for detection. The validation of our proposal was conducted using the WADI dataset obtained from a water distribution plant, providing a realistic industrial context. During validation, we assessed the mean error and the total number of adversarial samples generated by our approach, comparing it with the original Projected Gradient Descent method and the Carlini & Wagner attack across various parameter configurations. Remarkably, our proposal consistently achieved the best trade-off between mean error and the number of generated adversarial samples, showcasing its superiority in safeguarding industrial systems.