A review of machine learning techniques for the cybersecurity of critical infrastructures
Date Issued
2020
Author(s)
Cîrnu, Carmen Elena
Florian, Vladimir
Stanciu, Alexandru
Vevera, Adrian Victor
Ciupercă, Ella Magdalena
Abstract
An essential component of the National security consists of the protection of its critical infrastructures (CIs), whether they are physical or virtual, as any disruption of their services could have a serious impact on
economic well-being, public health or safety, or any combination of these. Any shutdown or delay may determine financial losses and major risks to people and the environment. All modern CIs are controlled by Industrial Control Systems (ICS) being dependent on their correct and continuous undisturbed functioning. Modern ICSs are inherently much less secure and exposed to the majority of cyber-attacks that are becoming more advanced and sophisticated. Consequently, efficient tools for the protection of hardware and software components of ICSs are required. One such class consists of intrusion prevention and detection systems (IPDS). Contemporary IPDSs use machine learning algorithms to detect threats manifested as anomalous behavior of a particular system. To provide robust detection systems with sufficient layers of protection, these must be combined with other methods and extensively tested with good datasets and using appropriate testbeds. Recent research suggests that conventional intrusion detection approaches are unable to cope with the complexity and ever-changing nature of industrial intrusion attacks. Moreover, deep learning methods are achieving state-of-the-art results across a range of difficult problem domains. The objective of our paper is to identify and discuss machine learning-based intrusion detection and protection methods and their implementation in industrial control intrusion detection systems, able to contribute to ensuring national security.
economic well-being, public health or safety, or any combination of these. Any shutdown or delay may determine financial losses and major risks to people and the environment. All modern CIs are controlled by Industrial Control Systems (ICS) being dependent on their correct and continuous undisturbed functioning. Modern ICSs are inherently much less secure and exposed to the majority of cyber-attacks that are becoming more advanced and sophisticated. Consequently, efficient tools for the protection of hardware and software components of ICSs are required. One such class consists of intrusion prevention and detection systems (IPDS). Contemporary IPDSs use machine learning algorithms to detect threats manifested as anomalous behavior of a particular system. To provide robust detection systems with sufficient layers of protection, these must be combined with other methods and extensively tested with good datasets and using appropriate testbeds. Recent research suggests that conventional intrusion detection approaches are unable to cope with the complexity and ever-changing nature of industrial intrusion attacks. Moreover, deep learning methods are achieving state-of-the-art results across a range of difficult problem domains. The objective of our paper is to identify and discuss machine learning-based intrusion detection and protection methods and their implementation in industrial control intrusion detection systems, able to contribute to ensuring national security.