Detecting Anomalies, Sabotage, and Malicious Acts in a Cyber-physical System Using Fractal Dimension Based on Higuchi's Algorithm

  • Received : 2023.04.05
  • Published : 2023.04.30

Abstract

With the global rise of digital data, the uncontrolled quantity of data is susceptible to cyber warfare or cyber attacks. Therefore, it is necessary to improve cyber security systems. This research studies the behavior of malicious acts and uses the Higuchi Fractal Dimension (HFD), a non-linear mathematical method, to examine the intricacy of the behavior of these malicious acts and anomalies within the cyber-physical system. The HFD algorithm was tested successfully using synthetic time series network data and validated on real-time network data, producing accurate results. It was found that the highest fractal dimension value was computed from the DoS attack time series data. Furthermore, the difference in the HFD values between the DoS attack data and the normal traffic data was the highest. The malicious network data and the non-malicious network data were successfully classified using the Receiver Operating Characteristics (ROC) method in conjunction with a scaling stationary index that helps to boost the ROC technique in classifying normal and malicious traffic. Hence, the suggested methodology may be utilized to rapidly detect the existence of abnormalities in traffic, with the aim of further using other methods of cyber-attack detection.
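The HFD estimate the abstract relies on, applied per sliding window to a constructed series, as an added example that is not the paper's code. The window size, step, kmax=10 and the test series (a random walk followed by uncorrelated noise) are assumptions chosen for illustration, and the sliding-window use is one possible way to apply the estimate to a traffic feature.

```python
import math
import random

def higuchi_fd(x, kmax=10):
    """Higuchi fractal dimension of a 1-D series (about 1 = smooth, about 2 = noise-like)."""
    n = len(x)
    if kmax < 2 or n < 2 * kmax:
        raise ValueError("need kmax >= 2 and at least 2*kmax samples")
    log_inv_k, log_len = [], []
    for k in range(1, kmax + 1):
        lengths = []
        for m in range(k):                      # k sub-series, start offsets 0..k-1
            steps = (n - 1 - m) // k            # increments available from offset m
            dist = sum(abs(x[m + i * k] - x[m + (i - 1) * k])
                       for i in range(1, steps + 1))
            # Higuchi's normalisation for unequal sub-series lengths
            lengths.append(dist * (n - 1) / (steps * k) / k)
        mean_len = sum(lengths) / k
        if mean_len <= 0:
            raise ValueError("constant series: curve length is zero")
        log_inv_k.append(math.log(1.0 / k))
        log_len.append(math.log(mean_len))
    # Least-squares slope of ln L(k) against ln(1/k) is the dimension estimate.
    mx = sum(log_inv_k) / kmax
    my = sum(log_len) / kmax
    num = sum((a - mx) * (b - my) for a, b in zip(log_inv_k, log_len))
    den = sum((a - mx) ** 2 for a in log_inv_k)
    return num / den

def windowed_hfd(x, window=256, step=128, kmax=10):
    """HFD per sliding window, so a change in signal complexity shows up over time."""
    return [higuchi_fd(x[s:s + window], kmax)
            for s in range(0, len(x) - window + 1, step)]

def constructed_series(seed=7, half=1024):
    """Constructed data: a random walk followed by uncorrelated noise."""
    rng = random.Random(seed)
    walk, level = [], 0.0
    for _ in range(half):
        level += rng.gauss(0, 1)
        walk.append(level)
    noise = [level + rng.gauss(0, 1) for _ in range(half)]
    return walk + noise

if __name__ == "__main__":
    for i, fd in enumerate(windowed_hfd(constructed_series())):
        print(f"window {i:2d}: HFD = {fd:.2f}")
```

On real traffic the input would be a per-interval feature such as packet or byte counts, and the per-window values would feed a threshold or ROC analysis.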
