Score and You Shall Find: A Novel Regularization Technique for Cyberattack Detection in Industrial Control Systems

In recent years, countermeasures against cyberattacks on industrial control systems (ICSs) has included the use of machine learning models for their detection. However, the efficacy of these existing detection methods is limited due to a large number of false positives. In this paper, we propose a novel regularization technique, named similar device regularization, to reduce false positives of cyberattack detection in ICSs. The proposed technique penalizes the separation of feature vectors for similar devices and is applicable to any machine learning model with link prediction tasks for cyberattack detection in ICSs. Furthermore, we present a detection method, ConvSDR, as an application of the proposed technique. Extensive experiments with ConvSDR demonstrate that it outperforms the existing methods by virtue of the similar device regularization. The similar device regularization can also suppress the overfitting of machine learning models, which is often caused due to an increase in model parameters. Furthermore, we identify that the similar device regularization reduces false positives by over 40%.

• Publication year

  2023

• Venue

  RICSS@CCS

• Publication date

  2023-11-20

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1145/3689930.3695205
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Secure Cyberattack and Anomaly Detections in the Presence of Actuators Lags and Communication Delays With Application to Industrial Gas Turbines

  2024cited by this paper
• Comparison and Investigation of AI-Based Approaches for Cyberattack Detection in Cyber-Physical Systems

  2024cited by this paper
• An online intrusion detection method for industrial control systems based on extended belief rule base

  2024cited by this paper
• Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

  2024cited by this paper
• Unsafe Behavior Detection with Adaptive Contrastive Learning in Industrial Control Systems

  2023cited by this paper
• Graph Neural Networks for Intrusion Detection: A Survey

  2023cited by this paper
• Explainable Artificial Intelligence Enabled Intrusion Detection Technique for Secure Cyber-Physical Systems

  2023cited by this paper
• A Deep-Learning-Based Solution for Securing the Power Grid Against Load Altering Threats by IoT-Enabled Devices

  2023cited by this paper
• False data injection attack in smart grid: Attack model and reinforcement learning-based detection method

  2023cited by this paper
• Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey

  2022cited by this paper
• Automated Microsegmentation for Lateral Movement Prevention in Industrial Internet of Things (IIoT)

  2021cited by this paper
• A Survey on Industrial Control System Testbeds and Datasets for Security Research

  2021cited by this paper
• Exploring Simple Siamese Representation Learning

  2020cited by this paper
• Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems

  2020cited by this paper
• Graph Convolutional Network-based Suspicious Communication Pair Estimation for Industrial Control Systems

  2020cited by this paper
• Project

  2019cited by this paper
• Whitelisting Cyber Attack Detection according to Estimated Operational States for CPS

  2019cited by this paper
• MAD-GAN: Multivariate Anomaly Detection for Time Series Data with Generative Adversarial Networks

  2019cited by this paper
• A modeling framework for critical infrastructure and its application in detecting cyber-attacks on a water distribution system

  2019cited by this paper
• The Leaky Actuator: A Provably-covert Channel in Cyber Physical Systems

  2019cited by this paper
• Deep-Learning Approach to the Detection and Localization of Cyber-Physical Attacks on Water Distribution Systems

  2018cited by this paper
• Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

  2018cited by this paper
• Physical Attestation in the Smart Grid for Distributed State Verification

  2018cited by this paper
• Adversarial Regression for Detecting Attacks in Cyber-Physical Systems

  2018cited by this paper
• Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

  2018cited by this paper
• Noise Matters: Using Sensor and Process Noise Fingerprint to Detect Stealthy Cyber Attacks and Authenticate sensors in CPS

  2018cited by this paper
• A Two-level Intrusion Detection System for Industrial Control System Networks using P4

  2018cited by this paper
• Multi-Agent Approach for Enhancing Security of Protection Schemes in Cyber-Physical Energy Systems

  2017cited by this paper
• Convolutional 2D Knowledge Graph Embeddings

  2017cited by this paper
• Modeling Relational Data with Graph Convolutional Networks

  2017cited by this paper
• Multi-level Anomaly Detection in Industrial Control Systems via Package Signatures and LSTM Networks

  2017cited by this paper
• Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning

  2017cited by this paper
• Anomaly Detection in Cyber Physical Systems Using Recurrent Neural Networks

  2017cited by this paper
• Guide to Industrial Control Systems (ICS) Security

  2015cited by this paper
• Behavior Rule Specification-Based Intrusion Detection for Safety Critical Medical Cyber Physical Systems

  2015cited by this paper
• Embedding Entities and Relations for Learning and Inference in Knowledge Bases

  2014cited by this paper
• Reasoning With Neural Tensor Networks for Knowledge Base Completion

  2013cited by this paper
• The real story of stuxnet

  2013cited by this paper
• Flow whitelisting in SCADA networks

  2013cited by this paper
• Rule-Based Intrusion Detection System for SCADA Networks

  2013cited by this paper
• Translating Embeddings for Modeling Multi-relational Data

  2013cited by this paper
• Behavior-Rule Based Intrusion Detection Systems for Safety Critical Smart Grid Applications

  2013cited by this paper

• LLMs, You Can Evaluate It! Design of Multi-perspective Report Evaluation for Security Operation Centers

  2026cites this paper
• LLMs, You Can Evaluate It! Design of Multi-perspective Evaluation for Reports in Security Operation Centers

  year unknowncites this paper