nach oben

Journal of Computer Virology and Hacking Techniques

Erschienen in:

24.02.2020 | Invited Paper

Analytical modelling of cyber-physical systems: applying kinetic gas theory to anomaly detection in networks

verfasst von: Paul Tavolato, Hubert Schölnast, Christina Tavolato-Wötzl

Erschienen in: Journal of Computer Virology and Hacking Techniques | Ausgabe 1/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In connection with anomaly detection in cyber-physical systems, we suggest in this paper a new way of modelling large systems consisting of a huge number of sensors, actuators and controllers. We base the approach on analytical methods usually used in kinetic gas theory, where one tries to describe the overall behavior of a gas without looking at each molecule separately. We model the system as a multi-agent network and derive predictions on the behavior of the network as a whole. These predictions can then be used to monitor the operation of the system. If the deviation between the predictions and the measured attributes of the operational cyber-physical system is sufficiently large, the monitoring system can raise an alarm. This way of modelling the normal behavior of a cyber-physical system has the advantage over machine learning methods mainly used for this purpose, that it is not based on the effective operation of the system during a training phase, but rather on the specification of the system and its intended use. It will detect anomalies in the system’s operation independent of their source—may it be an attack, a malfunction or a faulty implementation.

Vorheriger Artikel Multifamily malware models

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Adepu, S., Mathur, A., Gunda, J., Djokic, S.: An agent-based framework for simulating and analysing attacks on cyber physical systems. In: International Conference on Algorithms and Architectures for Parallel Processing, Springer, Cham, pp. 785–798 (2015)CrossRef

Lee, E.A.: Cyber physical systems: design challenges. In: 2008 11th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC), IEEE, pp. 363–369 (2008)

Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., Hahn, A.: Guide to Industrial Control Systems (ICS) Security, NIST Special Publication 800-82, Rev 2 (2015)

Sridhar, S., Hahn, A., Govindarasu, M.: Cyberphysical system security for the electric power grid. Proc. IEEE 100(1), 210–224 (2011)CrossRef

Zhao, M., Walker, J., Wang, C.C.: Challenges and opportunities for securing intelligent transportation system. IEEE J. Emerg. Sel. Top. Circuits Syst. 3(1), 96–105 (2013)CrossRef

Haque, S.A., Aziz, S.M., Rahman, M.: Review of cyber-physical system in healthcare. Int. J. Distrib. Sens. Netw 10(4), 217–415 (2014)CrossRef

Falliere, N., Murchu, L. O., Chien, E.: W32. stuxnet dossier. In: White Paper, Symantec Corporation, Security Response, vol. 5, no. 6, p. 29 (2011)

Symantec: Dragonfly: Cyberespionage Attacks against Energy Suppliers. https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/dragonfly-cyberespionage-attacks-14-en.pdf Mountain View, California (2014) Accessed 29 July 2019

Lee, R.M., Assante, M.J., Conway, T.: Analysis of the cyber attack on the Ukrainian power grid. SANS Ind. Control Syst. 223, 212–223 (2016)

10.

Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 15 (2009)CrossRef

11.

Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutor. 16(1), 303–336 (2013)CrossRef

12.

Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19–31 (2016)CrossRef

13.

Fernandes, G., Rodrigues, J.J., Carvalho, L.F., Al-Muhtadi, J.F., Proena, M.L.: A comprehensive survey on network anomaly detection. Telecommun. Syst. 70(3), 447–489 (2019)CrossRef

14.

Hamdi, M., Boudriga, N.: Detecting Denial-of-service attacks using the wavelet transform. Comput. Commun. 30(16), 3203–3213 (2007)CrossRef

15.

Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. In: ACM SIGCOMM Computer Communication Review, vol. 34, no. 4, ACM, pp. 219–230 (2004)

16.

Yeung, D.S., Jin, S., Wang, X.: Covariance-matrix modeling and detecting various flooding attacks. IEEE Trans. Syst. Man Cybern. Part A Syst. Hum. 37(2), 157–169 (2007)CrossRef

17.

Holt, C.C.: Forecasting seasonals and trends by exponentially weighted moving averages. In: ONR Memorandum, vol. 52 (1957)

18.

Pena, E.H., Carvalho, L.F., Barbon, S., Rodrigues, J.J., Proena, M.L.: Correlational paraconsistent machine for anomaly detection. In: 2014 IEEE Global Communications Conference, IEEE, pp. 551–556 (2014)

19.

MacQueen, J.: Some methods for classification and analysis of multivariate observations. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, vol. 1, no. 14, pp. 281–297 (1967)

20.

Cover, T.M., Hart, P.: Nearest neighbor pattern classification. IEEE Trans. Inf. Theory 13(1), 21–27 (1967)CrossRef

21.

Agrawal, R., Gehrke, J., Gunopulos, D., Raghavan, P.: Automatic Subspace Clustering of High Dimensional Data for Data Mining Applications, pp. 94–105. ACM, New York (1998)

22.

Estevez-Tapiador, J.M., Garcia-Teodoro, P., Diaz-Verdejo, J.E.: Stochastic protocol modeling for anomaly based network intrusion detection. In: Proceedings of First IEEE International Workshop on Information Assurance, IWIAS 2003, IEEE, pp. 3–12 (2003)

23.

Jensen, F.V.: An Introduction to Bayesian Networks, vol. 210, pp. 1–178. UCL press, London (1996)

24.

Nielsen, T.D., Jensen, F.V.: Bayesian Networks and Decision Graphs. Springer, Berlin (2009)MATH

25.

Scholkopf, B., Smola, A.J.: Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond. MIT press, Cambridge (2001)

26.

Haykin, S.: Neural Networks, vol. 2. Prentice Hall, New York (1994)MATH

27.

Li, M., Vitnyi, P.: An Introduction to Kolmogorov Complexity and Its Applications. Springer, Berlin (2013)

28.

Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379–423 (1948)MathSciNetCrossRef

29.

Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection. In: Proceedings 2001 IEEE Symposium on Security and Privacy, IEEE, pp. 130–143 (2001)

30.

Bereziński, P., Jasiul, B., Szpyrka, M.: An entropy-based network anomaly detection method. In: Entropy, vol. 17, no. 4, pp. 2367–2408. http://www.mdpi.com/1099-4300/17/4/2367. Accessed 25 Nov 2019

31.

Martos, G., Hernndez, N., Muoz, A., Moguerza, J.: Entropy measures for stochastic processes with applications in functional anomaly detection. In: Entropy, vol. 20, no. 1, p. 33 (2018)

32.

Xie, M., Hu, J., Guo, S., Zomaya, A.Y.: Distributed segment-based anomaly detection with Kullback–Leibler divergence in wireless sensor networks. IEEE Trans. Inf. Forensics Secur. 12(1), 101–110 (2017)CrossRef

33.

Xiong, Y., Jing, Y., Chen, T.: Abnormality detection based on the Kullback–Leibler divergence for generalized Gaussian data. Control Eng. Pract. 85, 257–270 (2019)CrossRef

34.

Kar, A.K.: Bio inspired computing: a review of algorithms and scope of applications. Expert Syst. Appl. 59, 20–32 (2016)CrossRef

35.

Firdaus, A., Anuar, N.B., Ab Razak, M.F., Sangaiah, A.K.: Bio-inspired computational paradigm for feature investigation and malware detection: interactive analytics. Multimed Tools Appl 77(14), 17519–17555 (2018)CrossRef

36.

De Castro, L.N., Timmis, J.: Artificial Immune Systems: A New Computational Intelligence Approach. Springer, Berlin (2002)MATH

37.

Hooks, D., Yuan, X., Roy, K., Esterline, A., Hernandez, J.: Applying artificial immune system for intrusion detection. In: 2018 IEEE Fourth International Conference on Big Data Computing Service and Applications (BigDataService), IEEE, pp. 287–292 (2018)

38.

Aslahi-Shahri, B., Rahmani, R., Chizari, M., Maralani, A., Eslami, M., Golkar, M., Ebrahimi, A.: A hybrid method consisting of GA and SVM for intrusion detection system. Neural Comput. Appl. 27(6), 1669–1676 (2016)CrossRef

39.

Deng, X., Jiang, P., Peng, X., Mi, C.: An intelligent outlier detection method with one class support tucker machine and genetic algorithm toward big sensor data in Internet of Things. IEEE Trans. Ind. Electron. 66(6), 4672–4683 (2019)CrossRef

40.

Hamamoto, A.H., Carvalho, L.F., Sampaio, L.D.H., Abro, T., Proena Jr., M.L.: Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst. Appl. 92, 390–402 (2018)CrossRef

41.

Bamakan, S.M.H., Wang, H., Yingjie, T., Shi, Y.: An effective intrusion detection framework based on MCLP/SVM optimized by time-varying chaos particle swarm optimization. Neurocomputing 199, 90–102 (2016)CrossRef

42.

Wahid, A., Rao, A.C.S.: A distance-based outlier detection using particle swarm optimization technique. In: Information and Communication Technology for Competitive Strategies, Springer, pp. 633–643 (2019)

43.

Storn, R., Price, K.: Differential evolutional simple and efficient heuristic for global optimization over continuous spaces. J. Glob Optim. 11(4), 341–359 (1997)CrossRef

44.

Elsayed, S., Sarker, R., Slay, J.: Evaluating the performance of a differential evolution algorithm in anomaly detection. In: 2015 IEEE Congress on Evolutionary Computation (CEC), IEEE, pp. 2490–2497 (2015)

45.

Boltzmann, L.: Weitere Studien über das Wärmegleichgewicht unter Gasmolekülen. In: Sitzungsberichte der Kaiserlichen Akademie der Wissenschaften zu Wien, pp. 275–370 (1872)

46.

Boltzmann, L.: Weitere Studien über das Wärmegleichgewicht unter Gasmolekülen. In: Kinetische Theorie II, Springer, pp. 115–225 (1970)

47.

Pareschi, L., Toscani, G.: Interacting Multiagent Systems: Kinetic Equations and Monte Carlo Methods. OUP, Oxford (2013)MATH

48.

Bellouquid, A., Delitala, M.: Mathematical Modeling of Complex Biological Systems. Birkhser, Boston (2006)MATH

49.

Keung, Y., Li, B., Zhang, Q.: The intrusion detection in mobile sensor network. In: Proceedings of the Eleventh ACM International Symposium on Mobile Ad Hoc Networking and Computing, ACM, pp. 11–20 (2010)

50.

Monica, S., Bergenti, F.: Outline of a generalization of kinetic theory to study opinion dynamics In: International Symposium on Distributed Computing and Artificial Intelligence (2018)

51.

Monica, S., Bergenti, F.: An analytic study of opinion dynamics in multi-agent systems. Comput. Math. Appl. 73(10), 2272–2284 (2017)MathSciNetCrossRef

52.

Kullback, S., Leibler, R.A.: On information and sufficiency. Ann. Math. Stat. 22(1), 79–86 (1951)MathSciNetCrossRef

Titel: Analytical modelling of cyber-physical systems: applying kinetic gas theory to anomaly detection in networks
verfasst von: Paul Tavolato
Hubert Schölnast
Christina Tavolato-Wötzl
Publikationsdatum: 24.02.2020
Verlag: Springer Paris
Erschienen in: Journal of Computer Virology and Hacking Techniques / Ausgabe 1/2020
Elektronische ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-020-00349-9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2020

Editorial

Formalization and co-simulation of attacks on cyber-physical systems

Statistical and combinatorial analysis of the TOR routing protocol: structural weaknesses identified in the TOR network

Multifamily malware models

PenQuest: a gamified attacker/defender meta model for cyber security assessment and education