A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network

Shixiang ZHU
Xiao MA

IEICE TRANSACTIONS on Information and Systems   Vol.E100-D    No.8    pp.1780-1789
Publication Date: 2017/08/01
Publicized: 2017/05/18
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2016ICP0005
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Industrial Control System Security
Keywords: anomaly detection, industrial control network, GBRBM, RNN-GBRBM, osPCA, semi-supervised

As advances in networking technology help to connect industrial control networks with the Internet, the threat from spammers, attackers and criminal enterprises has grown accordingly. However, traditional Network Intrusion Detection Systems make significant use of pattern matching to identify malicious behaviors and perform poorly at detecting zero-day exploits, in which a new attack is employed. In this paper, a novel method of anomaly detection in industrial control networks is proposed based on an RNN-GBRBM feature decoder. The method takes network packets and extracts high-quality features from raw features that are selected manually. A modified RNN-RBM is trained on normal traffic in order to learn the feature patterns of normal network behaviors. The test traffic is then analyzed against the learned normal feature pattern using osPCA, which measures the extent to which the test traffic resembles the learned pattern. Moreover, we design a semi-supervised incremental updating algorithm in order to improve the performance of the model continuously. Experiments show that our method is more efficient in anomaly detection than other traditional approaches for industrial control networks.
