IEICE TRANSACTIONS on Information
A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network
Summary :
As advances in networking technology help to connect industrial control networks with the Internet, the threat from spammers, attackers and criminal enterprises has also grown accordingly. However, traditional Network Intrusion Detection System makes significant use of pattern matching to identify malicious behaviors and have bad performance on detecting zero-day exploits in which a new attack is employed. In this paper, a novel method of anomaly detection in industrial control network is proposed based on RNN-GBRBM feature decoder. The method employ network packets and extract high-quality features from raw features which is selected manually. A modified RNN-RBM is trained using the normal traffic in order to learn feature patterns of the normal network behaviors. Then the test traffic is analyzed against the learned normal feature pattern by using osPCA to measure the extent to which the test traffic resembles the learned feature pattern. Moreover, we design a semi-supervised incremental updating algorithm in order to improve the performance of the model continuously. Experiments show that our method is more efficient in anomaly detection than other traditional approaches for industrial control network.
- Publication
- IEICE TRANSACTIONS on Information Vol.E100-D No.8 pp.1780-1789
- Publication Date
- 2017/08/01
- Publicized
- 2017/05/18
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.2016ICP0005
- Type of Manuscript
- Special Section PAPER (Special Section on Information and Communication System Security)
- Category
- Industrial Control System Security
Authors
Hua ZHANG
Beijing University of Posts and Telecommunications
Shixiang ZHU
Beijing University of Posts and Telecommunications
Xiao MA
State Gird Jiangsu Electric Power Company
Jun ZHAO
NARI Group Corporation
Zeng SHOU
Electric Power Science Research Institute of State Gird Jiangsu Electric Power Company
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Hua ZHANG, Shixiang ZHU, Xiao MA, Jun ZHAO, Zeng SHOU, "A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network" in IEICE TRANSACTIONS on Information,
vol. E100-D, no. 8, pp. 1780-1789, August 2017, doi: 10.1587/transinf.2016ICP0005.
Abstract: As advances in networking technology help to connect industrial control networks with the Internet, the threat from spammers, attackers and criminal enterprises has also grown accordingly. However, traditional Network Intrusion Detection System makes significant use of pattern matching to identify malicious behaviors and have bad performance on detecting zero-day exploits in which a new attack is employed. In this paper, a novel method of anomaly detection in industrial control network is proposed based on RNN-GBRBM feature decoder. The method employ network packets and extract high-quality features from raw features which is selected manually. A modified RNN-RBM is trained using the normal traffic in order to learn feature patterns of the normal network behaviors. Then the test traffic is analyzed against the learned normal feature pattern by using osPCA to measure the extent to which the test traffic resembles the learned feature pattern. Moreover, we design a semi-supervised incremental updating algorithm in order to improve the performance of the model continuously. Experiments show that our method is more efficient in anomaly detection than other traditional approaches for industrial control network.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2016ICP0005/_p
Copy
@ARTICLE{e100-d_8_1780,
author={Hua ZHANG, Shixiang ZHU, Xiao MA, Jun ZHAO, Zeng SHOU, },
journal={IEICE TRANSACTIONS on Information},
title={A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network},
year={2017},
volume={E100-D},
number={8},
pages={1780-1789},
abstract={As advances in networking technology help to connect industrial control networks with the Internet, the threat from spammers, attackers and criminal enterprises has also grown accordingly. However, traditional Network Intrusion Detection System makes significant use of pattern matching to identify malicious behaviors and have bad performance on detecting zero-day exploits in which a new attack is employed. In this paper, a novel method of anomaly detection in industrial control network is proposed based on RNN-GBRBM feature decoder. The method employ network packets and extract high-quality features from raw features which is selected manually. A modified RNN-RBM is trained using the normal traffic in order to learn feature patterns of the normal network behaviors. Then the test traffic is analyzed against the learned normal feature pattern by using osPCA to measure the extent to which the test traffic resembles the learned feature pattern. Moreover, we design a semi-supervised incremental updating algorithm in order to improve the performance of the model continuously. Experiments show that our method is more efficient in anomaly detection than other traditional approaches for industrial control network.},
keywords={},
doi={10.1587/transinf.2016ICP0005},
ISSN={1745-1361},
month={August},}
Copy
TY - JOUR
TI - A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network
T2 - IEICE TRANSACTIONS on Information
SP - 1780
EP - 1789
AU - Hua ZHANG
AU - Shixiang ZHU
AU - Xiao MA
AU - Jun ZHAO
AU - Zeng SHOU
PY - 2017
DO - 10.1587/transinf.2016ICP0005
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E100-D
IS - 8
JA - IEICE TRANSACTIONS on Information
Y1 - August 2017
AB - As advances in networking technology help to connect industrial control networks with the Internet, the threat from spammers, attackers and criminal enterprises has also grown accordingly. However, traditional Network Intrusion Detection System makes significant use of pattern matching to identify malicious behaviors and have bad performance on detecting zero-day exploits in which a new attack is employed. In this paper, a novel method of anomaly detection in industrial control network is proposed based on RNN-GBRBM feature decoder. The method employ network packets and extract high-quality features from raw features which is selected manually. A modified RNN-RBM is trained using the normal traffic in order to learn feature patterns of the normal network behaviors. Then the test traffic is analyzed against the learned normal feature pattern by using osPCA to measure the extent to which the test traffic resembles the learned feature pattern. Moreover, we design a semi-supervised incremental updating algorithm in order to improve the performance of the model continuously. Experiments show that our method is more efficient in anomaly detection than other traditional approaches for industrial control network.
ER -
English
