Abstract
Industrial Control Systems (ICSs) are used in industrial processes to reduce the burden on human operators and to handle complex industrial processes and the communication between their components efficiently. The Internet of Things (IoT) is the fusion of devices and sensors through an information network to enable new and autonomous capabilities. The integration of IoT with industrial applications is known as the Industrial Internet of Things (IIoT). The IIoT is found in several critical infrastructures, such as water distribution networks. Nowadays, ICSs are exposed to attack because they rely on Internet connections to let industrial IoT sensors communicate with each other in real time. Therefore, this paper presents an analytical study of detecting anomalies, malicious activities, and cyber-attacks in a cyber-physical system of critical water infrastructure within the IIoT infrastructure. The study uses various machine learning algorithms to classify anomaly events, including several attacks and IIoT hardware failures. A real-world dataset covering 15 anomaly situations alongside normal system activity was analyzed to evaluate the proposed approach. The test situations involved a wide array of incidents, from hardware breakdown to sabotage of water SCADA devices. To classify the malicious activity, various machine learning methods are used: Logistic Regression (LR), Linear Discriminant Analysis (LDA), k-nearest neighbours (KNN), Naïve Bayes (NB), Support Vector Machine (SVM), and Classification and Regression Tree (CART). The results show that CART and NB achieve the best accuracy, precision, recall, and F1-score.
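As an added illustration of the classification-and-evaluation pipeline the abstract describes (this is not the paper's code, and it does not use the paper's dataset), the block below trains a Gaussian Naïve Bayes classifier from scratch on a constructed set of water-testbed-style readings (tank level, pump pressure) with three classes, then scores it with the same confusion-matrix metrics the paper reports: accuracy and per-class precision, recall and F1. The feature names, class labels and sample values are all assumptions chosen for the example.

```python
import math
from collections import defaultdict
# Constructed sample readings (not real testbed data): (tank_level_pct, pump_pressure_bar, label)
# for normal operation, a stuck level sensor, and a spoofed reading injected on the network.
SAMPLES = [
    (55, 3.0, "normal"), (60, 3.1, "normal"), (50, 2.9, "normal"), (58, 3.2, "normal"),
    (0, 3.0, "sensor_failure"), (0, 2.8, "sensor_failure"), (0, 3.3, "sensor_failure"),
    (95, 0.5, "spoofed"), (98, 0.4, "spoofed"), (92, 0.6, "spoofed"),
]

def train_gnb(rows):
    """Gaussian NB: class prior plus per-feature mean/variance for each class."""
    by_class = defaultdict(list)
    for *x, y in rows:
        by_class[y].append(x)
    model = {}
    for y, xs in by_class.items():
        n = len(xs)
        means = [sum(col) / n for col in zip(*xs)]
        # small floor keeps a constant feature (stuck sensor) from giving zero variance
        varis = [sum((v - m) ** 2 for v in col) / n + 1e-6
                 for col, m in zip(zip(*xs), means)]
        model[y] = (math.log(n / len(rows)), means, varis)
    return model

def predict_gnb(model, x):
    """Return the class with the highest log posterior under the Gaussian model."""
    def log_post(y):
        prior, means, varis = model[y]
        return prior + sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                           for xi, m, v in zip(x, means, varis))
    return max(model, key=log_post)

def evaluate(model, rows):
    """Accuracy plus per-class (precision, recall, F1) from confusion counts."""
    tp, fp, fn, correct = defaultdict(int), defaultdict(int), defaultdict(int), 0
    for *x, y in rows:
        p = predict_gnb(model, x)
        if p == y:
            tp[y] += 1
            correct += 1
        else:
            fp[p] += 1
            fn[y] += 1
    metrics = {"accuracy": correct / len(rows)}
    for y in model:
        prec = tp[y] / (tp[y] + fp[y]) if tp[y] + fp[y] else 0.0
        rec = tp[y] / (tp[y] + fn[y]) if tp[y] + fn[y] else 0.0
        metrics[y] = (prec, rec, 2 * prec * rec / (prec + rec) if prec + rec else 0.0)
    return metrics
```

Per-class precision and recall matter more than plain accuracy here because the anomaly classes are rare compared with normal operation, so a classifier that labels everything "normal" would still look accurate.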
Cite this article
Selim, G.E.I., Hemdan, E.ED., Shehata, A.M. et al. Anomaly events classification and detection system in critical industrial internet of things infrastructure using machine learning algorithms. Multimed Tools Appl 80, 12619–12640 (2021). https://doi.org/10.1007/s11042-020-10354-1