| 1. |
|
|
| 2. |
- Dehlaghi Ghadim, Alireza, et al.
(författare)
-
Anomaly Detection Dataset for Industrial Control Systems
- 2023
-
Ingår i: IEEE Access. - : IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC. - 2169-3536. ; 11, s. 107982-107996
-
Tidskriftsartikel (refereegranskat)abstract
- Over the past few decades, Industrial Control Systems (ICS) have been targeted by cyberattacks and are becoming increasingly vulnerable as more ICSs are connected to the internet. Using Machine Learning (ML) for Intrusion Detection Systems (IDS) is a promising approach for ICS cyber protection, but the lack of suitable datasets for evaluating ML algorithms is a challenge. Although a few commonly used datasets may not reflect realistic ICS network data, lack necessary features for effective anomaly detection, or be outdated. This paper introduces the 'ICS-Flow' dataset, which offers network data and process state variables logs for supervised and unsupervised ML-based IDS assessment. The network data includes normal and anomalous network packets and flows captured from simulated ICS components and emulated networks, where the anomalies were applied to the system through various cyberattacks. We also proposed an open-source tool, "ICSFlowGenerator," for generating network flow parameters from Raw network packets. The final dataset comprises over 25,000,000 raw network packets, network flow records, and process variable logs. The paper describes the methodology used to collect and label the dataset and provides a detailed data analysis. Finally, we implement several ML models, including the decision tree, random forest, and artificial neural network to detect anomalies and attacks, demonstrating that our dataset can be used effectively for training intrusion detection ML models.
|
|
| 3. |
- Dehlaghi Ghadim, Alireza, et al.
(författare)
-
Cost-efficient scheduling for deadline constrained grid workflows
- 2018
-
Ingår i: Computing and informatics. - : Slovak Academy of Sciences. - 1335-9150 .- 2585-8807. ; 37:4, s. 838-864
-
Tidskriftsartikel (refereegranskat)abstract
- Cost optimization for workflow scheduling while meeting deadline is one of the fundamental problems in utility computing. In this paper, a two-phase cost-efficient scheduling algorithm called critical chain is presented. The proposed algorithm uses the concept of slack time in both phases. The first phase is deadline distribution over all tasks existing in the workflow which is done considering critical path properties of workflow graphs. Critical chain uses slack time to iteratively select most critical sequence of tasks and then assigns sub-deadlines to those tasks. In the second phase named mapping step, it tries to allocate a server to each task considering task’s sub-deadline. In the mapping step, slack time priority in selecting ready task is used to reduce deadline violation. Furthermore, the algorithm tries to locally optimize the computation and communication costs of sequential tasks exploiting dynamic programming. After proposing the scheduling algorithm, three measures for the superiority of a scheduling algorithm are introduced, and the proposed algorithm is compared with other existing algorithms considering the measures. Results obtained from simulating various systems show that the proposed algorithm outperforms four well-known existing workflow scheduling algorithms.
|
|
| 4. |
- Dehlaghi Ghadim, Alireza, et al.
(författare)
-
Federated Learning for Network Anomaly Detection in a Distributed Industrial Environment
- 2023
-
Ingår i: Proceedings - 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023. - : Institute of Electrical and Electronics Engineers Inc.. - 9798350345346 ; , s. 218-225
-
Konferensbidrag (refereegranskat)abstract
- Industrial control systems have been targeted by numerous cyber attacks over the past few decades which causes different problems related to data privacy, financial losses and operational failures. One potential approach to detect these attacks is by analyzing network data using machine learning and employing network anomaly detection techniques. However, the nature of these systems often involves their geographical dispersion across multiple zones, which poses a challenge in applying local machine learning methods for detecting anomalies. Additionally, there are instances where sharing complete operational data between different zones is restricted due to security concerns. As a result, a promising solution emerges by implementing a federated model for anomaly detection in these systems. In this study, we investigate the application of machine learning techniques for anomaly detection in network data, considering centralized, local, and federated approaches. We implemented the local and centralized methods using several simple machine-learning techniques and observed that Random Forest and Artificial Neural Networks exhibited superior performance compared to other methods. As a result, we extended our analysis to develop a federated version of Random Forest and Artificial Neural Network. Our findings reveal that the federated model surpasses the performance of the local models, and achieves comparable or even superior results compared to the centralized model, while it ensures data privacy and maintains the confidentiality of sensitive information.
|
|
| 5. |
- Dehlaghi Ghadim, Alireza, et al.
(författare)
-
ICSSIM — A framework for building industrial control systems security testbeds
- 2023
-
Ingår i: Computers in industry (Print). - : Elsevier B.V.. - 0166-3615 .- 1872-6194. ; 148
-
Tidskriftsartikel (refereegranskat)abstract
- With the advent of the smart industry, Industrial Control Systems (ICS) moved from isolated environments to connected platforms to meet Industry 4.0 targets. The inherent connectivity in these services exposes such systems to increased cybersecurity risks. To protect ICSs against cyberattacks, intrusion detection systems (IDS) empowered by machine learning are used to detect abnormal behavior of the systems. Operational ICSs are not safe environments to research IDSs due to the possibility of catastrophic risks. Therefore, realistic ICS testbeds enable researchers to analyze and validate their IDSs in a controlled environment. Although various ICS testbeds have been developed, researchers’ access to a low-cost, extendable, and customizable testbed that can accurately simulate ICSs and suits security research is still an important issue. In this paper, we present ICSSIM, a framework for building customized virtual ICS security testbeds in which various cyber threats and network attacks can be effectively and efficiently investigated. This framework contains base classes to simulate control system components and communications. Simulated components are deployable on actual hardware such as Raspberry Pis, containerized environments like Docker, and simulation environments such as GNS-3. ICSSIM also offers physical process modeling using software and hardware in the loop simulation. This framework reduces the time for developing ICS components and aims to produce extendable, versatile, reproducible, low-cost, and comprehensive ICS testbeds with realistic details and high fidelity. We demonstrate ICSSIM by creating a testbed and validating its functionality by showing how different cyberattacks can be applied. © 2023 The Authors
|
|
| 6. |
- Dehlaghi-Ghadim, Alireza
(författare)
-
Identification of Cyberattacks in Industrial Control Systems
- 2023
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- As critical infrastructure increasingly relies on Industrial Control Systems (ICS), these systems have become a prime target for cyberattacks. As a result of the move towards Industry 4.0 targets, ICSs are increasingly being connected to the outside world, which makes them even more vulnerable to attacks. To enhance the ICS's security, Intrusion Detection Systems (IDS) are used in detecting and mitigating attacks. However, using real ICS installations for testing IDS can be challenging, as any interference with the ICS could have serious consequences, such as production downtime or compromised safety. Alternatively, ICS testbeds and cybersecurity datasets can be used to analyze, validate, and evaluate the IDS capabilities in a controlled environment. In addition, the complexity of ICSs, combined with the unpredictable and intricate nature of attacks, present a challenge in achieving high detection precision using traditional rule-based models. To tackle this challenge, Machine Learning (ML) have become increasingly attractive for identifying a broader range of attacks. This thesis aims to enhance ICS cybersecurity by addressing the mentioned challenges. We introduce a framework for simulation of virtual ICS security testbeds that can be customized to create extensible, versatile, reproducible, and low-cost ICS testbeds. Using this framework, we create a factory simulation and its ICS to generate an ICS security dataset. We present this dataset as a validation benchmark for intrusion detection methods in ICSs. Finally, we investigate the efficiency and effectiveness of the intrusion detection capabilities of a range of Machine Learning techniques. Our findings show (1) that relying solely on intrusion evidence at a specific moment for intrusion detection can lead to misclassification, as various cyber-attacks may have similar effects at a specific moment, and (2) that AI models that consider the temporal relationship between events are effective in improving the ability to detect attack types.
|
|
| 7. |
|
|
| 8. |
- Markovic, Tijana, et al.
(författare)
-
Time-series Anomaly Detection and Classification with Long Short-Term Memory Network on Industrial Manufacturing Systems
- 2023
-
Ingår i: Annals of Computer Science and Information Systems. - 2300-5963. ; 35, s. 171-181
-
Tidskriftsartikel (refereegranskat)abstract
- Modern manufacturing systems collect a huge amount of data which gives an opportunity to apply various Machine Learning (ML) techniques. The focus of this paper is on the detection of anomalous behavior in industrial manufacturing systems by considering the temporal nature of the manufacturing process. Long Short-Term Memory (LSTM) networks are applied on a publicly available dataset called Modular Ice-cream factory Dataset on Anomalies in Sensors (MIDAS), which is created using a simulation of a modular manufacturing system for ice cream production. Two different problems are addressed: anomaly detection and anomaly classification. LSTM performance is analysed in terms of accuracy, execution time, and memory consumption and compared with non-time-series ML algorithms including Logistic Regression, Decision Tree, Random Forest, and Multi-Layer Perceptron. The experiments demonstrate the importance of considering the temporal nature of the manufacturing process in detecting anomalous behavior and the superiority in accuracy of LSTM over non-time-series ML algorithms. Additionally, runtime adaptation of the predictions produced by LSTM is proposed to enhance its applicability in a real system.
|
|
| 9. |
- Punnekkat, Sasikumar, et al.
(författare)
-
InSecTT Technologies for the Enhancement of Industrial Security and Safety
- 2024
-
Ingår i: Studies in Computational Intelligence. - : Springer Science and Business Media Deutschland GmbH. ; , s. 83-104, s. 83-104
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)abstract
- The recent advances in digitalization, improved connectivity and cloud based services are making a huge revolution in manufacturing domain. In spite of the huge potential benefits in productivity, these trends also bring in some concerns related to safety and security to the traditionally closed industrial operation scenarios. This paper presents a high-level view of some of the research results and technological contributions of the InSecTT Project for meeting safety/security goals. These technology contributions are expected to support both the design and operational phases in the production life cycle. Specifically, our contributions spans (a) enforcing stricter but flexible access control, (b) evaluation of machine learning techniques for intrusion detection, (c) generation of realistic process control and network oriented datasets with injected anomalies and (d) performing safety and security analysis on automated guided vehicle platoons.
|
|
| 10. |
- Strandberg, P. E., et al.
(författare)
-
The Westermo network traffic data set
- 2023
-
Ingår i: Data in Brief. - : Elsevier Inc.. - 2352-3409. ; 50
-
Tidskriftsartikel (refereegranskat)abstract
- There is a growing body of knowledge on network intrusion detection, and several open data sets with network traffic and cyber-security threats have been released in the past decades. However, many data sets have aged, were not collected in a contemporary industrial communication system, or do not easily support research focusing on distributed anomaly detection. This paper presents the Westermo network traffic data set, 1.8 million network packets recorded in over 90 minutes in a network built up of twelve hardware devices. In addition to the raw data in PCAP format, the data set also contains pre-processed data in the form of network flows in CSV files. This data set can support the research community for topics such as intrusion detection, anomaly detection, misconfiguration detection, distributed or federated artificial intelligence, and attack classification. In particular, we aim to use the data set to continue work on resource-constrained distributed artificial intelligence in edge devices. The data set contains six types of events: harmless SSH, bad SSH, misconfigured IP address, duplicated IP address, port scan, and man in the middle attack.
|
|
