Cyberattacks detection in industrial scenarios using Machine Learning and Deep Learning techniques
- Perales Gomez, Angel Luis
- Félix J. García Clemente Director
Defence university: Universidad de Murcia
Defence date: 11 March 2021
- Joaquín García Alfaro Chair
- Pedro Enrique López de Teruel Alcolea Secretary
- Urko Zurutuza Ortega Committee member
Type: Thesis
Abstract
In recent decades, factories have undergone a significant change in automation, evolving from isolated to interconnected systems. This change has brought many advantages, such as increased production and the ability to manage factories in different geographical areas. However, the adoption of open standards and the opening to the Internet have increased the number of attacks affecting Industrial Control Systems. A promising approach to protecting factories is Intrusion Detection Systems based on the Anomaly Detection paradigm, which models normal system behaviour and flags as abnormal all behaviour outside the normal boundary. This paradigm shows great results when implemented using Machine Learning and Deep Learning techniques. However, additional effort is needed to deploy these techniques in an industrial scenario. The lack of industrial-oriented datasets to train and validate these systems is a significant challenge that hinders their implementation in real scenarios. In addition, Anomaly Detection using Machine Learning and Deep Learning techniques needs a common methodology that considers the specific characteristics of industrial scenarios (e.g., their repetitive nature). Finally, the implications that cybersecurity threats have for the safety of workers and assets are a key aspect that needs to be considered. The main goal of this PhD thesis is to investigate Machine Learning and Deep Learning techniques to develop anomaly detection systems that help to detect cyberattacks in industrial scenarios.
This goal can be divided into six smaller goals: 1) Study the existing literature regarding safety, cybersecurity, and their integration in industrial scenarios, 2) Design a framework capable of managing cybersecurity and safety in a unified way, 3) Study the relevant work in the field of industrial-oriented dataset generation, 4) Design a methodology to generate industrial-oriented datasets and generate a specific dataset to be used in this PhD thesis, 5) Study industrial-oriented Intrusion Detection Systems solutions as well as the methodology available in the literature to train and validate Machine Learning and Deep Learning models for industrial anomaly detection, and 6) Design and validate a methodology for anomaly detection in industrial scenarios using Machine Learning and Deep Learning techniques. This PhD thesis has been conducted by following a scientific process based on the study of the state of the art and the analysis of cyberattack detection proposals in industrial scenarios. First, we analyzed the literature regarding cybersecurity and safety integration and noticed that it is at an early stage that is still mainly driven by industry. Then, we studied the literature regarding industrial-oriented datasets to train anomaly detection models, and we concluded that most of them focused on false data injection, ignoring other harmful attacks like replay attacks. Finally, after studying the anomaly detection literature in industrial scenarios, we found that many of the works reviewed do not follow a common methodology and most of them present methodological errors.
Finally, the contributions of this PhD thesis can be summarized as follows: 1) Design, implementation, and validation of a unified framework for cybersecurity and safety in the manufacturing industry, 2) Design and validation of a methodology to generate datasets from industrial scenarios, as well as its implementation to generate Electra, a particular industrial dataset obtained from an electric traction substation, and 3) Design and validation of a methodology, named MADICS, to develop Anomaly Detection systems in industrial scenarios, as well as its use with the well-known SWaT dataset.