Cyberattack Detection using Deep Generative Models with Variational Inference
| Autor: | M. Ehsan Shafiee, Amin Rasekh, Sarin E. Chandy, Zachary A. Barker |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
FOS: Computer and information sciences
Computer Science - Cryptography and Security 010504 meteorology & atmospheric sciences Computer science 0208 environmental biotechnology Geography Planning and Development Inference 02 engineering and technology Management Monitoring Policy and Law Machine learning computer.software_genre 01 natural sciences Critical infrastructure Machine Learning (cs.LG) 0105 earth and related environmental sciences Water Science and Technology Civil and Structural Engineering business.industry Deep learning 020801 environmental engineering Computer Science - Learning Anomaly detection Artificial intelligence business computer Cryptography and Security (cs.CR) Generative grammar |
| DOI: | 10.48550/arxiv.1805.12511 |
| Popis: | Recent years have witnessed a rise in the frequency and intensity of cyberattacks targeted at critical infrastructure systems. This study designs a versatile, data-driven cyberattack detection platform for infrastructure systems cybersecurity, with a special demonstration in water sector. A deep generative model with variational inference autonomously learns normal system behavior and detects attacks as they occur. The model can process the natural data in its raw form and automatically discover and learn its representations, hence augmenting system knowledge discovery and reducing the need for laborious human engineering and domain expertise. The proposed model is applied to a simulated cyberattack detection problem involving a drinking water distribution system subject to programmable logic controller hacks, malicious actuator activation, and deception attacks. The model is only provided with observations of the system, such as pump pressure and tank water level reads, and is blind to the internal structures and workings of the water distribution system. The simulated attacks are manifested in the model's generated reproduction probability plot, indicating its ability to discern the attacks. There is, however, need for improvements in reducing false alarms, especially by optimizing detection thresholds. Altogether, the results indicate ability of the model in distinguishing attacks and their repercussions from normal system operation in water distribution systems, and the promise it holds for cyberattack detection in other domains. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|