Show simple item record

dc.contributor.author: Ortega Fernández, Inés
dc.contributor.author: Sestelo Perez, Marta
dc.contributor.author: Burguillo Rial, Juan Carlos
dc.contributor.author: Piñón Blanco, Camilo
dc.date.accessioned: 2023-02-06T09:39:13Z
dc.date.available: 2023-02-06T09:39:13Z
dc.date.issued: 2023-01-05
dc.identifier.citation: Wireless Networks, (2023) [spa]
dc.identifier.issn: 10220038
dc.identifier.issn: 15728196
dc.identifier.uri: http://hdl.handle.net/11093/4419
dc.description.abstract: Anomaly detection in industrial control and cyber-physical systems has gained much attention over the past years due to the increasing modernisation and exposure of industrial environments. Current dangers to the connected industry include the theft of industrial intellectual property, denial of service, or the compromise of cloud components; all of which might result in a cyber-attack across the operational network. However, most scientific work employs device logs, which necessitate substantial understanding and preprocessing before they can be used in anomaly detection. In this paper, we propose a network intrusion detection system (NIDS) architecture based on a deep autoencoder trained on network flow data, which has the advantage of not requiring prior knowledge of the network topology or its underlying architecture. Experimental results show that the proposed model can detect anomalies, caused by distributed denial of service attacks, providing a high detection rate and low false alarms, outperforming the state-of-the-art and a baseline model in an unsupervised learning environment. Furthermore, the deep autoencoder model can detect abnormal behaviour in legitimate devices after an attack. We also demonstrate the suitability of the proposed NIDS in a real industrial plant from the alimentary sector, analysing the false positive rate and the viability of the data generation, filtering and preprocessing procedure for a near real time scenario. The suggested NIDS architecture is a low-cost solution that uses only fifteen network-based features, requires minimal processing, operates in unsupervised mode, and is straightforward to deploy in real-world scenarios. [spa]
dc.description.sponsorship: Axencia Galega de Innovación | Ref. IN854A 2019/15 [spa]
dc.description.sponsorship: Centro para el Desarrollo Tecnológico Industrial | Ref. CER-20191012 [spa]
dc.description.sponsorship: Agencia Estatal de Investigación | Ref. MTM2017-89422-P [spa]
dc.description.sponsorship: Funded for open access publication: Universidade de Vigo/CISUG
dc.language.iso: eng [spa]
dc.publisher: Wireless Networks [spa]
dc.relation: info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2013-2016/MTM2017-89422-P/NUEVOS AVANCES METODOLOGICOS Y COMPUTATIONALES EN ESTADISTICA NO PARAMETRICA Y SEMIPARAMETRICA
dc.rights: Attribution 4.0 International
dc.rights.uri: https://creativecommons.org/licenses/by/4.0/
dc.title: Network intrusion detection system for DDoS attacks in ICS using deep autoencoders [en]
dc.type: article [spa]
dc.rights.accessRights: openAccess [spa]
dc.identifier.doi: 10.1007/s11276-022-03214-3
dc.identifier.editor: https://link.springer.com/10.1007/s11276-022-03214-3 [spa]
dc.publisher.departamento: Estatística e investigación operativa [spa]
dc.publisher.departamento: Enxeñaría telemática [spa]
dc.publisher.grupoinvestigacion: Inferencia Estatística, Decisión e Investigación Operativa [spa]
dc.publisher.grupoinvestigacion: Grupo de Tecnoloxías da Información [spa]
dc.subject.unesco: 1203.04 Artificial Intelligence [spa]
dc.date.updated: 2023-02-01T11:21:48Z
dc.computerCitation: pub_title=Wireless Networks|volume=|journal_number=|start_pag=|end_pag= [spa]


    Except where otherwise noted, this item's license is described as Attribution 4.0 International