
DEPARTMENT OF ELECTRICAL ENGINEERING

COMSATS INSTITUTE OF INFORMATION TECHNOLOGY


ISLAMABAD,PAKISTAN

COMPUTER SECURITY

PRESENTED BY: QAISAR AYUB, M. Faisal

REGISTRATION # CIIT/SP21-REE-012/ISB
CIIT/SP21-REE-006/ISB
(Title-slide graphics: CCTV security, mobile security, network bugs)

EXPLAINABLE ANOMALY DETECTION FOR INDUSTRIAL CONTROL SYSTEM CYBERSECURITY

OUTLINE

• Introduction
• Focus of work
• Proposed work
• Literature Review
• Problem Statement
• Conclusion
Introduction (1/3)

• The cyber security literature has largely not taken into account the specific features and needs of Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems.
• These systems are widely used in industries from different sectors (energy, oil & gas, automated manufacturing, water treatment, chemical, pharmaceutical, etc.) to control, monitor and execute operations related to physical processes.
• ICS/SCADA systems are prone to malfunction when methodologies and tools widely used in IT environments are run on control networks. The potential impact is significant, since incorrect operation of these devices can damage the physical environment in which they operate.
• Industrial Control Systems (ICSs) are becoming more and more important in managing the operation of many critical systems in smart manufacturing, such as power stations, water supply systems, and manufacturing sites.
Introduction (2/3)

• Industrial Control System functional components:
  • Programmable Logic Controller (PLC)
  • Remote Terminal Unit (RTU)
  • Intelligent Electronic Device (IED)
  • Engineering Workstation
  • Human Machine Interface (HMI)
  • Data Historian
  • Communications Gateways
  • Front End Processor
Introduction (3/3)

• Anomaly detection
Anomaly detection is the identification of rare events, items, or observations which are suspicious because they differ significantly from standard behaviours or patterns. Anomalies in data are also called deviations, outliers, noise, novelties, and exceptions.

• Security logs
Log files are detailed, text-based records of events within an organization's IT systems. They are generated by a wide variety of devices and applications, among them antimalware, system utilities, firewalls, intrusion detection and prevention systems, servers, workstations and networking equipment.
Focus of work
Proposed work

• We use the same method, "Anomaly Detection using Hybrid LSTM-based Autoencoder OCSVM Model", implemented in the paper, but we apply it to a data set different from the one used in the authors' work.
• We downloaded the data set from Kaggle [1].

[1] https://www.kaggle.com/icsdataset
Literature Review (1/3)

• LSTM Auto-encoder:
An LSTM auto-encoder is an auto-encoder network that uses LSTM layers for both the encoder and the decoder. The objective of the auto-encoder is to learn a compressed representation of the input through encoding and decoding. More specifically, the encoder compresses the input into a code, and the decoder reconstructs the input by decompressing that code.
Because LSTM cells are used for both the encoder and the decoder, the LSTM auto-encoder combines the strengths of both models: it outperforms a regular auto-encoder on input sequences, since the LSTM captures the temporal dependencies between consecutive samples.
Literature Review (2/3)

• OCSVM Model (One Class Support Vector Machine):

The LSTM auto-encoder is used only for extracting the crucial information from the data; the task of detecting abnormal objects in the input is left to the OCSVM. The OCSVM can be considered a variant of the traditional SVM for the case where we have only one class (normal behaviour) and the goal is to test a new data point to decide whether it is normal.
Literature Review (3/3)

• The LSTM auto-encoder and the OCSVM are trained on a normal (attack-free) sequence only.
• The incoming data X and its features are read in.
• Then X is divided into sequences using a sliding window of length l.
• The difference between each window X_i and its reconstructed representation X̂_i is passed through the trained OCSVM for anomaly detection (AD).
• If the given data falls outside the learned boundary (the "circle" in the slide's picture of the OCSVM decision region), it is an anomaly; otherwise it is normal.
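The three Literature Review slides above describe a pipeline (window the sequence, reconstruct each window, hand the residual X_i - X̂_i to a one-class model fitted on normal residuals, flag whatever falls outside its boundary). The following is an added example that is not code from the paper or from this presentation; it implements that data flow end to end in pure Python with two deliberately simple stand-ins, both assumptions of this example: a fixed linear-trend "auto-encoder" (window compressed to a two-value code and decoded back) in place of the LSTM auto-encoder, and a hypersphere boundary with an OCSVM-style nu parameter in place of the OCSVM. The tank-level readings (`NORMAL_RUN`, `TEST_RUN`) are constructed, not real ICS data.

```python
"""Sliding-window reconstruction-residual anomaly detection (pure Python).

Added example, not the paper's code.  Stand-ins (assumptions):
  * LinearCodeAutoencoder replaces the LSTM auto-encoder,
  * HypersphereOneClass replaces the OCSVM.
Data flow as on the slide: window X with length l, compute X_i - X^_i,
fit a one-class model on normal residuals, flag windows outside the boundary.
"""
import math
from statistics import mean


def sliding_windows(x, l, step=1):
    """Window i covers x[i : i + l]; consecutive windows overlap by l - step."""
    if l < 2 or l > len(x):
        raise ValueError("window length l must be between 2 and len(x)")
    return [x[i:i + l] for i in range(0, len(x) - l + 1, step)]


class LinearCodeAutoencoder:
    """Stand-in for the LSTM auto-encoder (assumption; nothing is learned).

    encode() compresses a window to a 2-value code (least-squares slope and
    intercept); decode() expands the code back to a window.  The residual is
    the window's deviation from its own short-term trend: small for a smooth
    normal cycle, large when a single reading spikes.
    """

    def encode(self, window):
        n = len(window)
        t_mean = (n - 1) / 2.0
        x_mean = mean(window)
        sxx = sum((t - t_mean) ** 2 for t in range(n))
        sxy = sum((t - t_mean) * (v - x_mean) for t, v in enumerate(window))
        slope = sxy / sxx
        return slope, x_mean - slope * t_mean

    def decode(self, code, n):
        slope, intercept = code
        return [intercept + slope * t for t in range(n)]

    def residual(self, window):
        """X_i - X^_i, one value per time step of the window."""
        recon = self.decode(self.encode(window), len(window))
        return [v - r for v, r in zip(window, recon)]


class HypersphereOneClass:
    """Stand-in for the OCSVM (assumption): a centre and a radius fitted on
    normal residual vectors only.  nu is the fraction of normal training
    residuals allowed outside the boundary (mirrors the OCSVM's nu); a residual
    farther than the radius from the centre is an anomaly."""

    def __init__(self, nu=0.01):
        if not 0.0 <= nu < 1.0:
            raise ValueError("nu must be in [0, 1)")
        self.nu = nu
        self.centre = None
        self.radius = None

    @staticmethod
    def _distance(a, b):
        return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

    def fit(self, residuals):
        dim = len(residuals[0])
        self.centre = [mean(r[j] for r in residuals) for j in range(dim)]
        dists = sorted(self._distance(r, self.centre) for r in residuals)
        keep = max(1, math.ceil((1.0 - self.nu) * len(dists)))  # windows kept inside
        self.radius = dists[keep - 1]
        return self

    def is_anomaly(self, residual):
        return self._distance(residual, self.centre) > self.radius


def detect(train, test, l, nu=0.01):
    """Fit on the normal sequence `train`; return one flag per window of `test`."""
    ae = LinearCodeAutoencoder()
    occ = HypersphereOneClass(nu).fit(
        [ae.residual(w) for w in sliding_windows(train, l)])
    return [occ.is_anomaly(ae.residual(w)) for w in sliding_windows(test, l)]


# Constructed sample data (not real ICS telemetry): a tank-level tag cycling
# with period 20; the test run repeats the cycle but the reading at index 40
# is +20 above normal (a single-sample spike).
_CYCLE = [50 + d for d in
          (0, 2, 3, 4, 5, 5, 5, 4, 3, 2, 0, -2, -3, -4, -5, -5, -5, -4, -3, -2)]
NORMAL_RUN = _CYCLE * 4
SPIKE_INDEX = 40
TEST_RUN = (NORMAL_RUN[:SPIKE_INDEX] + [NORMAL_RUN[SPIKE_INDEX] + 20]
            + NORMAL_RUN[SPIKE_INDEX + 1:])
WINDOW = 8


def flagged_windows(train=NORMAL_RUN, test=TEST_RUN, l=WINDOW, nu=0.01):
    """Indices of the test windows the detector flags."""
    return [i for i, a in enumerate(detect(train, test, l, nu)) if a]


if __name__ == "__main__":
    hits = flagged_windows()
    print("flagged windows:", hits)  # exactly the windows that cover index 40
    print("samples covered:", sorted({t for i in hits for t in range(i, i + WINDOW)}))
```

Every window that contains the spiked reading is flagged and no other window is, because the normal test windows have exactly the same content as the training windows and therefore land inside the radius. The choice of nu is the same trade-off the OCSVM exposes: a larger nu shrinks the radius, raising sensitivity to small deviations at the cost of flagging that fraction of normal windows; a mapped-back window index is also what lets an analyst point to the time steps behind an alert, which is the "explainable" part of the title.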
Research Challenges

• How to make use of SCADA network data and differentiate anomalies from benign events.
• How to choose an anomaly detection approach that detects variants of new attacks in less time.
Problem Statement

• Efficient anomaly detection using system monitoring tools is a major challenge for future cyber networks on SCADA (Supervisory Control And Data Acquisition) networks.
Conclusion

• Logs have been widely used in various maintenance tasks for different ICS operations.
• To pursue more intelligent solutions, many efforts have been devoted to developing deep learning-based anomaly detectors.
• However, we observe that they are not fully deployed in industrial practice.
