Por favor, use este identificador para citar o enlazar este ítem: https://doi.org/10.1049/ise2.12115

Registro completo de metadatos
Campo DCValorLengua/Idioma
dc.contributor.authorPerales Gómez, Ángel Luis-
dc.contributor.authorFernández Maimó, Lorenzo-
dc.contributor.authorHuertas Celdrán, Alberto-
dc.contributor.authorGarcía Clemente, Félix J.-
dc.date.accessioned2024-06-28T08:19:29Z-
dc.date.available2024-06-28T08:19:29Z-
dc.date.issued2023-05-09-
dc.identifier.citationIET Information Security, 2023, Vol. 17, pp. 553–566es
dc.identifier.issnPrint: 1751-8709-
dc.identifier.issnElectronic: 1751-8717-
dc.identifier.urihttp://hdl.handle.net/10201/142753-
dc.description© 2023 The Authors. This manuscript version is made available under the CC-BY-NC 4.0 license http://creativecommons.org/licenses/by-nc/4.0/ This document is the Published version of a Published Work that appeared in final form in IET Information Security. To access the final edited and published work see https://doi.org/10.1049/ise2.12115-
dc.description.abstractWhen detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black-box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi-supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi-supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1-score of 0.9711.es
dc.formatapplication/pdfes
dc.format.extent14-
dc.languageenges
dc.publisherWiley Open Access-
dc.relationThis work has been funded under grant TED2021-129300B-I00, by MCIN/AEI/10.13039/501100011033, NextGenerationEU/PRTR, UE, grant PID2021-122466OB-I00, by MCIN/AEI/10.13039/501100011033/FEDER, UE, and by the Swiss Federal Office for Defence Procurement (armasuisse) (project code Aramis R-3210/047-31).es
dc.rightsinfo:eu-repo/semantics/openAccesses
dc.rightsAtribución-NoComercial 4.0 Internacional*
dc.rights.urihttp://creativecommons.org/licenses/by-nc/4.0/*
dc.subjectAnomaly detection-
dc.subjectDeep learning-
dc.subjectExplainable artificial intelligence-
dc.subjectIndustry applications-
dc.subjectMachine learning-
dc.subjectRoot cause analysis-
dc.titleAn interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarioses
dc.typeinfo:eu-repo/semantics/articlees
dc.relation.publisherversionhttps://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ise2.12115-
dc.identifier.doihttps://doi.org/10.1049/ise2.12115-
dc.contributor.departmentDepartamento de Ingeniería y Tecnología de Computadores-
Aparece en las colecciones:Artículos



Este ítem está sujeto a una licencia Creative Commons Licencia Creative Commons Creative Commons