An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios
Abstract When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Mac...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2023-07-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12115 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832547390252384256 |
|---|---|
| author | Ángel Luis Perales Gómez Lorenzo Fernández Maimó Alberto Huertas Celdrán Félix J. García Clemente |
| author_facet | Ángel Luis Perales Gómez Lorenzo Fernández Maimó Alberto Huertas Celdrán Félix J. García Clemente |
| author_sort | Ángel Luis Perales Gómez |
| collection | DOAJ |
| description | Abstract When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black‐box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi‐supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi‐supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1‐score of 0.9711. |
| format | Article |
| id | doaj-art-cd26271215924d62b9d11975ee1a0f25 |
| institution | Kabale University |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2023-07-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-cd26271215924d62b9d11975ee1a0f252025-02-03T06:45:06ZengWileyIET Information Security1751-87091751-87172023-07-0117455356610.1049/ise2.12115An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenariosÁngel Luis Perales Gómez0Lorenzo Fernández Maimó1Alberto Huertas Celdrán2Félix J. García Clemente3Departamento de Ingeniería y Tecnología de Computadores University of Murcia, Espinardo Murcia SpainDepartamento de Ingeniería y Tecnología de Computadores University of Murcia, Espinardo Murcia SpainCommunication Systems Group CSG Department of Informatics IfI University of Zurich Zurich SwitzerlandDepartamento de Ingeniería y Tecnología de Computadores University of Murcia, Espinardo Murcia SpainAbstract When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black‐box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi‐supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi‐supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1‐score of 0.9711.https://doi.org/10.1049/ise2.12115anomaly detectiondeep learningexplainable artificial intelligenceindustry applicationsmachine learningroot cause analysis |
| spellingShingle | Ángel Luis Perales Gómez Lorenzo Fernández Maimó Alberto Huertas Celdrán Félix J. García Clemente An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios IET Information Security anomaly detection deep learning explainable artificial intelligence industry applications machine learning root cause analysis |
| title | An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios |
| title_full | An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios |
| title_fullStr | An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios |
| title_full_unstemmed | An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios |
| title_short | An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios |
| title_sort | interpretable semi supervised system for detecting cyberattacks using anomaly detection in industrial scenarios |
| topic | anomaly detection deep learning explainable artificial intelligence industry applications machine learning root cause analysis |
| url | https://doi.org/10.1049/ise2.12115 |
| work_keys_str_mv | AT angelluisperalesgomez aninterpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios AT lorenzofernandezmaimo aninterpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios AT albertohuertasceldran aninterpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios AT felixjgarciaclemente aninterpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios AT angelluisperalesgomez interpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios AT lorenzofernandezmaimo interpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios AT albertohuertasceldran interpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios AT felixjgarciaclemente interpretablesemisupervisedsystemfordetectingcyberattacksusinganomalydetectioninindustrialscenarios |