For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network
Hua ZHANG Shixiang ZHU Xiao MA Jun ZHAO Zeng SHOU
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2017/08/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Industrial Control System Security
anomaly detection, industrial control network, GBRBM, RNN-GBRBM, osPCA, semi-supervised,
Full Text: PDF>>
As advances in networking technology help to connect industrial control networks with the Internet, the threat from spammers, attackers and criminal enterprises has also grown accordingly. However, traditional Network Intrusion Detection System makes significant use of pattern matching to identify malicious behaviors and have bad performance on detecting zero-day exploits in which a new attack is employed. In this paper, a novel method of anomaly detection in industrial control network is proposed based on RNN-GBRBM feature decoder. The method employ network packets and extract high-quality features from raw features which is selected manually. A modified RNN-RBM is trained using the normal traffic in order to learn feature patterns of the normal network behaviors. Then the test traffic is analyzed against the learned normal feature pattern by using osPCA to measure the extent to which the test traffic resembles the learned feature pattern. Moreover, we design a semi-supervised incremental updating algorithm in order to improve the performance of the model continuously. Experiments show that our method is more efficient in anomaly detection than other traditional approaches for industrial control network.