ŞEHİR e-arşiv

Sensor based cyber attack detections in critical infrastructures using deep learning algorithms


dc.contributor.advisor Gül, Ensar
dc.contributor.author Yılmaz, Murat
dc.date.accessioned 2019-04-02T07:40:06Z
dc.date.available 2019-04-02T07:40:06Z
dc.date.issued 2019-04-02
dc.date.submitted 2018-09-10
dc.identifier.uri http://hdl.handle.net/11498/56107
dc.description.abstract The technology that has evolved with innovations in the digital world has also caused an increase in many security problems. Day by day, the methods and forms of cyber attacks have become more complicated, and therefore their detection has become more difficult. In this work we will use datasets prepared in collaboration with Raymond Borges and Oak Ridge National Laboratories. These datasets include measurements of the Industrial Control Systems related to chewing attack behavior. These measurements include synchronized measurements and data records from Snort and relays with a simulated control panel. In our work, we developed two models using this dataset. The first is the model we call the Deep Neural Network (DNN) Model, built using the latest Deep Learning algorithms. The second is the model which we created by adding the AutoEncoder (AE) structure to the DNN Model. All of the variables used when developing our models were set parametrically. A number of variables, such as the Activation Method, the number of hidden layers in the model, the number of nodes in the layers, and the number of iterations, were analyzed to create the optimum model design. When we ran our model with optimum settings, we obtained better results than related publications. The learning speed of the model with which we obtained a 100% accuracy rate is also quite satisfactory. While training on the dataset containing about 4 thousand different operations lasts about 90 seconds, the model that has completed the learning process detects new attacks at the level of milliseconds. This increases the applicability of the study. Detailed information about the results of the model is interpreted in Chapter 5 and the proposals for the development of the model are discussed in Chapter 6. In our work, we intend to minimize the cost of recognizing and learning new attacks by using deep learning methods to more effectively protect industrial systems such as critical infrastructures. en_US
dc.description.tableofcontents CONTENTS:
Declaration of Authorship
Abstract
Öz
Acknowledgments
List of Figures
List of Tables
Abbreviations
1 Introduction
  1.1 Contribution
2 Related Work
  2.1 Developing a Hybrid Intrusion Detection System Using Data Mining for Power Systems
  2.2 Classification of Disturbances and Cyber-attacks in Power Systems Using Heterogeneous Time-synchronized Data
  2.3 A Specification-based Intrusion Detection Framework for Cyber-physical Environment in Electric Power System
  2.4 Machine Learning for Power System Disturbance and Cyber-attack Discrimination
3 Preliminaries
  3.1 Datasets
  3.2 Autoencoder
  3.3 Deep Learning
4 Methodology
  4.1 System Model without Autoencoder
  4.2 System Model with Autoencoder
5 Experiments
  5.1 Experimental Setup
  5.2 Experiments Results
    5.2.1 DNN Model Results
      5.2.1.1 Binary Data Class Results
      5.2.1.2 Triple Data Class Results
      5.2.1.3 Multi Data Class Results
    5.2.2 AutoEncoder Results
      5.2.2.1 Binary Data Class Results with AutoEncoder Model
      5.2.2.2 Triple Data Class Results with AutoEncoder Model
      5.2.2.3 Multi Data Class Results with AutoEncoder Model
    5.2.3 Classification Models Results
      5.2.3.1 Binary Data Class Results with Classification Models
      5.2.3.2 Triple Data Class Results with Classification Models
      5.2.3.3 Multi Data Class Results with Classification Models
6 Conclusion and Future Work
Bibliography
en_US
dc.language.iso eng en_US
dc.rights info:eu-repo/semantics/openAccess en_US
dc.subject Information Security en_US
dc.subject Cyberterrorism en_US
dc.subject Industrial Systems en_US
dc.subject Bilgi Güvenliği en_US
dc.subject Siber Terörizm en_US
dc.subject Endüstriyel Sistemler en_US
dc.title Sensor based cyber attack detections in critical infrastructures using deep learning algorithms en_US
dc.type Thesis en_US
dc.contributor.department İstanbul Şehir University. Graduate School of Natural and Applied Sciences. Cybersecurity Engineering. en_US

