A journal of IEEE and CAA, publishing high-quality papers in English on original theoretical/experimental research and development in all areas of automation
Volume 9 Issue 3
Mar.  2022

IEEE/CAA Journal of Automatica Sinica

J. Zhang, L. Pan, Q.-L. Han, C. Chen, S. Wen, and Y. Xiang, “Deep learning based attack detection for cyber-physical system cybersecurity: a survey,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 3, pp. 377–391, Mar. 2022. doi: 10.1109/JAS.2021.1004261

Deep Learning Based Attack Detection for Cyber-Physical System Cybersecurity: A Survey

doi: 10.1109/JAS.2021.1004261
  • With the boom in cyber attacks and cyber criminals targeting cyber-physical systems (CPSs), detecting these attacks remains challenging. It might be the worst of times, but it might also be the best of times because of the opportunities brought by machine learning (ML), in particular deep learning (DL). In general, DL delivers superior performance to ML because of its layered setting and its effective algorithm for extracting useful information from training data. DL models are quickly being adopted for detecting cyber attacks against CPSs. This survey provides a holistic view of recently proposed DL solutions for cyber attack detection in the CPS context. A six-step DL-driven methodology is provided to summarize and analyze the surveyed literature on applying DL methods to detect cyber attacks against CPSs. The methodology includes CPS scenario analysis, cyber attack identification, ML problem formulation, DL model customization, data acquisition for training, and performance evaluation. The reviewed works indicate great potential for detecting cyber attacks against CPSs through DL modules. Moreover, excellent performance is achieved partly because of several high-quality datasets that are readily available for public use. Furthermore, challenges, opportunities, and research trends are pointed out for future research.

     

  • 1 http://itrust.sutd.edu.sg/dataset/SWaT
    2 https://sites.google.com/a/uah.edu/tommy-morris-uah/ics-data-sets
    3 https://sites.google.com/a/uah.edu/tommy-morris-uah/ics-data-sets
    4 https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/
    5 http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
