Publication:
An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios

Simple item page
dc.contributor.authorPerales Gómez, Ángel Luis
dc.contributor.authorFernández Maimó, Lorenzo
dc.contributor.authorGarcía Clemente, Félix J.
dc.contributor.authorHuertas Celdrán, Alberto
dc.contributor.departmentIngeniería y Tecnología de Computadores
dc.date.accessioned2024-06-28T08:19:29Z
dc.date.available2024-06-28T08:19:29Z
dc.date.issued2023-05-09
dc.description© 2023 The Authors. This manuscript version is made available under the CC-BY-NC 4.0 license http://creativecommons.org/licenses/by-nc/4.0/ This document is the Published version of a Published Work that appeared in final form in IET Information Security. To access the final edited and published work see https://doi.org/10.1049/ise2.12115
dc.description.abstractWhen detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black-box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi-supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi-supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1-score of 0.9711.es
dc.formatapplication/pdfes
dc.format.extent14
dc.identifier.citationIET Information Security, 2023, Vol. 17, pp. 553–566
dc.identifier.doihttps://doi.org/10.1049/ise2.12115
dc.identifier.issnPrint: 1751-8709
dc.identifier.issnElectronic: 1751-8717
dc.identifier.urihttp://hdl.handle.net/10201/142753
dc.languageenges
dc.publisherWiley Open Access
dc.relationThis work has been funded under grant TED2021-129300B-I00, by MCIN/AEI/10.13039/501100011033, NextGenerationEU/PRTR, UE, grant PID2021-122466OB-I00, by MCIN/AEI/10.13039/501100011033/FEDER, UE, and by the Swiss Federal Office for Defence Procurement (armasuisse) (project code Aramis R-3210/047-31).es
dc.relation.publisherversionhttps://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ise2.12115
dc.rightsinfo:eu-repo/semantics/openAccesses
dc.rightsAtribución-NoComercial 4.0 Internacional*
dc.rights.urihttp://creativecommons.org/licenses/by-nc/4.0/*
dc.subjectAnomaly detection
dc.subjectDeep learning
dc.subjectExplainable artificial intelligence
dc.subjectIndustry applications
dc.subjectMachine learning
dc.subjectRoot cause analysis
dc.titleAn interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarioses
dc.typeinfo:eu-repo/semantics/articlees
dspace.entity.typePublicationes
relation.isAuthorOfPublication155e7fdb-63ef-47a4-8068-bc025cfbabb9
relation.isAuthorOfPublication.latestForDiscovery155e7fdb-63ef-47a4-8068-bc025cfbabb9
Files
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
IET Information Security - 2023 - Perales Gómez - An interpretable semi‐supervised system for detecting cyberattacks using.pdf
Size:
1.43 MB
Format:
Adobe Portable Document Format
Description:
Download
License bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
license.txt
Size:
2.26 KB
Format:
Item-specific license agreed upon to submission
Description:
Download
Collections
Artículos