
Anomaly events classification and detection system in critical industrial internet of things infrastructure using machine learning algorithms

Published in: Multimedia Tools and Applications

Abstract

Industrial Control Systems (ICS) are used in industrial processes to reduce the burden on human operators and to manage complex processes, and the communication between their components, efficiently. The Internet of Things (IoT) is the fusion of devices and sensors through an information network to enable new and autonomous capabilities; its integration with industrial applications is known as the Industrial Internet of Things (IIoT). The IIoT is found in several critical infrastructures, such as water distribution networks. Connecting ICS components to the Internet so that IIoT sensors can communicate with each other in real time exposes them to attack. This paper therefore presents an analytical study of detecting anomalies, malicious activities, and cyber-attacks in the cyber-physical system of a critical water infrastructure built on IIoT. The study uses various machine learning algorithms to classify anomaly events, including several attacks and IIoT hardware failures. A real-world dataset covering 15 anomaly scenarios as well as normal system activity was analysed to evaluate the proposed approach. The scenarios range from hardware breakdown to sabotage of water SCADA devices. To classify the malicious activity, several machine learning methods are used: Logistic Regression (LR), Linear Discriminant Analysis (LDA), k-nearest neighbours (KNN), Naïve Bayes (NB), Support Vector Machine (SVM), and Classification and Regression Tree (CART). The results show that CART and NB give the best accuracy, precision, recall, and F1-score.
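As an added example, not code from the paper and not the water-SCADA dataset it analyses: a from-scratch Gaussian Naive Bayes classifier (one of the six methods the abstract lists) trained on a few constructed IIoT sensor records, followed by the accuracy, per-class precision/recall and F1 calculation used to compare such classifiers. The feature columns (tank level, pump current, flow), the three scenario labels, the record values and the names `GaussianNB`, `classification_metrics` and `predict_scenarios` are all assumptions for illustration. Per-class recall is reported separately because a detector that never flags a rare sabotage scenario can still show a high overall accuracy.

```python
"""Anomaly-scenario classification for IIoT sensor records.

Added example, not the paper's code. Data are constructed, not the
Laso et al. water-SCADA dataset; feature columns and labels are assumptions.
"""
import math
from collections import defaultdict

# Constructed records: (tank_level_pct, pump_current_A, flow_lpm, label).
# The three labels stand in for the scenario kinds the abstract lists:
# normal operation, an IIoT hardware failure, and sabotage of a SCADA device
# (here: the level sensor forced to read a full tank while the pump runs).
TRAIN = [
    (60.0, 4.1, 48.0, "normal"), (62.5, 4.0, 50.0, "normal"),
    (58.0, 4.2, 47.0, "normal"), (61.0, 3.9, 49.0, "normal"),
    (60.5, 0.2, 3.0, "pump_failure"), (59.0, 0.1, 2.0, "pump_failure"),
    (61.5, 0.3, 4.0, "pump_failure"), (60.0, 0.2, 2.5, "pump_failure"),
    (99.0, 4.1, 49.0, "sabotage"), (98.5, 4.0, 48.0, "sabotage"),
    (99.5, 4.2, 50.0, "sabotage"), (98.0, 3.9, 47.0, "sabotage"),
]
# Constructed held-out records with their true scenario.
TEST = [
    (61.0, 4.0, 48.5, "normal"),
    (60.2, 0.2, 3.0, "pump_failure"),
    (98.8, 4.1, 48.5, "sabotage"),
]


def _variance(values):
    mu = sum(values) / len(values)
    return sum((v - mu) ** 2 for v in values) / len(values)


class GaussianNB:
    """Gaussian Naive Bayes: one Gaussian per (class, feature), class priors
    from label frequencies, prediction by maximum log posterior."""

    def __init__(self, var_smoothing=1e-9):
        self.var_smoothing = var_smoothing

    def fit(self, X, y):
        by_class = defaultdict(list)
        for row, label in zip(X, y):
            by_class[label].append(row)
        n_features = len(X[0])
        # Add a fraction of the largest feature variance to every variance so a
        # feature that is constant within one class cannot zero out a likelihood.
        eps = self.var_smoothing * max(
            _variance([r[j] for r in X]) for j in range(n_features))
        self.classes_ = sorted(by_class)
        self.prior_ = {c: len(rows) / len(X) for c, rows in by_class.items()}
        self.mean_ = {c: [sum(r[j] for r in rows) / len(rows) for j in range(n_features)]
                      for c, rows in by_class.items()}
        self.var_ = {c: [_variance([r[j] for r in rows]) + eps for j in range(n_features)]
                     for c, rows in by_class.items()}
        return self

    def _log_posterior(self, x, c):
        lp = math.log(self.prior_[c])
        for xj, mu, var in zip(x, self.mean_[c], self.var_[c]):
            lp += -0.5 * math.log(2 * math.pi * var) - (xj - mu) ** 2 / (2 * var)
        return lp

    def predict(self, X):
        return [max(self.classes_, key=lambda c: self._log_posterior(x, c)) for x in X]


def classification_metrics(y_true, y_pred, labels=None):
    """Accuracy plus per-class and macro precision/recall/F1, computed from
    one-vs-rest true positive, false positive and false negative counts."""
    labels = labels or sorted(set(y_true) | set(y_pred))
    tp, fp, fn = ({c: 0 for c in labels} for _ in range(3))
    for t, p in zip(y_true, y_pred):
        if t == p:
            tp[t] += 1
        else:
            fp[p] += 1
            fn[t] += 1
    per_class = {}
    for c in labels:
        prec = tp[c] / (tp[c] + fp[c]) if tp[c] + fp[c] else 0.0
        rec = tp[c] / (tp[c] + fn[c]) if tp[c] + fn[c] else 0.0
        f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
        per_class[c] = {"precision": prec, "recall": rec, "f1": f1}
    k = len(labels)
    return {
        "accuracy": sum(tp.values()) / len(y_true),
        "per_class": per_class,
        "macro_precision": sum(m["precision"] for m in per_class.values()) / k,
        "macro_recall": sum(m["recall"] for m in per_class.values()) / k,
        "macro_f1": sum(m["f1"] for m in per_class.values()) / k,
    }


def predict_scenarios():
    """Train on TRAIN, return the predicted scenario for each TEST record."""
    model = GaussianNB().fit([r[:3] for r in TRAIN], [r[3] for r in TRAIN])
    return model.predict([r[:3] for r in TEST])


if __name__ == "__main__":
    preds = predict_scenarios()
    for rec, p in zip(TEST, preds):
        print(f"{rec[:3]} true={rec[3]:<13} predicted={p}")
    m = classification_metrics([r[3] for r in TEST], preds)
    print(f"accuracy={m['accuracy']:.3f} macro_f1={m['macro_f1']:.3f}")
    # Per-class recall is the number to watch: a detector that misses every
    # sabotage record still scores well on accuracy if such records are rare.
    for c, scores in m["per_class"].items():
        print(f"{c:<13} recall={scores['recall']:.3f}")
```

The metrics function is independent of the classifier, so the same code scores any of the six methods once their predictions are in hand; on a real dataset the per-class counts should be read from a held-out split, never from the training records.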




Corresponding author

Correspondence to EZZ El-Din Hemdan.

Cite this article

Selim, G.E.I., Hemdan, E.ED., Shehata, A.M. et al. Anomaly events classification and detection system in critical industrial internet of things infrastructure using machine learning algorithms. Multimed Tools Appl 80, 12619–12640 (2021). https://doi.org/10.1007/s11042-020-10354-1
