Abstract
1. Introduction
2. Related works
3. Behavioral-based IDS based on neural networks
4. Specification-based IDS: The industrial ISA-95 standard
5. Proposed BI-ANOmaly-based IDS: BIANO-IDS
6. Conclusions
Declaration of Competing Interest
Data availability
References
Abstract
Today, Industry 4.0 is becoming a major target for cybercriminals due to its hyper-connectivity. Fortunately, there are several advanced means of securing industrial systems, such as Intrusion Detection Systems (IDS). However, one of the main limitations of industrial IDS is the high rate of false positives and the difficulty of distinguishing a real attack from an industrial failure. This paper deals precisely with these two points and proposes a way to reduce the rate of false positives and to distinguish attacks from industrial failures. The proposed approach combines two kinds of IDS using a Neural Network (NN) through a Decision Making System (DMS). It was tested in a real industrial environment. The performance results are promising, with a high percentage of accuracy and a low false positive rate.
1. Introduction
Nowadays, Industrial Control Systems (ICS) exist in many different industrial sectors such as meatpacking, chemistry, construction, automotive and the electronics industry, but also in vital sectors such as energy, health, military and food. Therefore, the suspension or stopping of these systems could be costly for industrialists and cause considerable damage. Today, securing such equipment has become more than necessary. Over the past decade, industry has become the center of attackers' focus and has been the victim of several attacks, starting with Stuxnet, BlackEnergy and WannaCry. This wave of attacks was followed by several ransomware attacks in 2020 during the coronavirus pandemic, especially with the increase in the number of remote workers and the lack of security in this new working model [1]. Kaspersky's ICS CERT researchers forecast a list of attacks likely to target industries in 2023 [2]. Among these attacks are phishing pages and emails, Trojans, N-day vulnerabilities, attacks on cloud services, the exploitation of vulnerabilities in legitimate software, the spread of malware via removable media ...
This cyber-criminality phenomenon is favored by the emergence of Industry 4.0. This fourth industrial revolution is characterized by the convergence of the worlds of Information Technology (IT) and Operational Technology (OT), the huge amount of generated data, and the use of the Cloud as a new storage medium. All these factors increase the risk of cyber attacks in industry.
Fortunately, there are several solutions to secure industry and its equipment. Among these mechanisms, we mention firewalls, anti-virus software, auditing processes and IDS. Each of these security mechanisms has a specific role, such as detecting and removing malware, preventing unauthorized access or, in the case of IDS, detecting intrusions. The latter give visibility into the system's activities, which allows timely detection of and response to any suspicious events [3], [4].
6. Conclusions
BIANO-IDS is a new intrusion detection approach combining two kinds of IDS: anomaly-based IDS and specification-based IDS. The approach has been tested in a real environment; the detection accuracy rate is high, alongside the other performance metrics reported. However, to further improve these metrics, we intend to explore other traces such as system logs and to apply feature reduction or selection methods in the future, in order to improve the computation and training time of the neural networks.
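To make the combination described in the abstract and in these conclusions concrete, the following added example (not the paper's own code) sketches a decision-making system that fuses an anomaly verdict with a specification verdict to separate attacks from industrial failures. The z-score detector stands in for the paper's neural network, the single ISA-95-style write rule, the ISA-95 level numbering used and the fusion table are all assumptions made for this illustration, and the readings and events are constructed.

```python
from statistics import mean, stdev

# Assumed ISA-95-style levels: 1 control, 2 supervisory, 3 MES, 4 ERP.
# Assumed specification rule: a write may only go one level down.
def spec_violation(event):
    src, dst = event["src_level"], event["dst_level"]
    if event["op"] == "write" and dst != src - 1:
        return f"write from level {src} to level {dst}"
    return None

class ZScoreAnomaly:
    """Stand-in for the NN: flags readings far from the learned normal."""
    def __init__(self, normal_values, threshold=3.0):
        self.mu, self.sigma = mean(normal_values), stdev(normal_values)
        self.threshold = threshold
    def score(self, value):
        return abs(value - self.mu) / self.sigma
    def is_anomalous(self, value):
        return self.score(value) > self.threshold

def decide(event, detector):
    """Assumed fusion table: a specification violation means an attack;
    an anomaly with no violation is treated as a likely industrial
    failure (the process deviates but every rule is respected)."""
    violation = spec_violation(event)
    if violation:
        return "attack", violation
    if detector.is_anomalous(event["value"]):
        return "industrial_failure", f"z={detector.score(event['value']):.1f}"
    return "normal", ""

# Constructed data: normal tank-level readings and three test events.
NORMAL_LEVELS = [50.0, 50.5, 49.5, 50.2, 49.8, 50.1, 49.9, 50.3, 49.7, 50.0]
EVENTS = [
    {"src_level": 2, "dst_level": 1, "op": "write", "value": 50.1},  # routine
    {"src_level": 2, "dst_level": 1, "op": "write", "value": 80.0},  # sensor fault
    {"src_level": 4, "dst_level": 1, "op": "write", "value": 50.0},  # ERP host writes to PLC
]

def run(events=EVENTS, normal=NORMAL_LEVELS):
    """Return the DMS verdict for each event."""
    detector = ZScoreAnomaly(normal)
    return [decide(e, detector)[0] for e in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run()):
        print(verdict, event)
```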