WoS Indexed Publications Collection
Permanent URI for this collection: https://hdl.handle.net/20.500.12573/394
8 results
Conference Object
Security Through Digital Twin-Based Intrusion Detection: A Swat Dataset Analysis
(IEEE, 2023-10-18) Bozdal, Mehmet
Digital twin, as a virtual replica of physical entity, offer valuable insights into Industrial Control System (ICS) behavior and characteristics. Leveraging the convergence of digital twins and cybersecurity, this research explores its role in securing critical infrastructure, using the Secure Water Treatment (SWaT) system as a case study. Existing intrusion detection systems (IDS) for SWaT encounter challenges related to requiring huge amounts of a dataset for training, being unable to adopt high data dimensionality, and adaptability to emerging threats. To address these issues, a hybrid digital twin model is proposed, combining physics-based models and data-driven approaches. This model facilitates precise attack localization and explainable IDS outcomes. The method exhibits promising capabilities for enhancing critical infrastructure security and adapting to evolving cyber threats. Experimental results demonstrate the ability to detect eight out of nine attack types.

Conference Object
Temporal Logic-Based Intrusion Detection for Securing Connected Vehicles
(Springer International Publishing AG, 2024) Bozdal, Mehmet
Ensuring the security and integrity of in-vehicle communication networks (IVCNs) is paramount. The increasing connectivity of vehicles exposes them to unprecedented security vulnerabilities, necessitating innovative methodologies to safeguard against cyberattacks and unauthorized access. This research presents a novel approach to enhance IVCN security through the deployment of a Signal Temporal Logic (STL)-based Intrusion Detection System (IDS). Considering the limited resources of Electronic Control Units (ECUs), this approach offers an adaptive and lightweight solution that addresses the unique challenges posed by the dynamic nature of vehicular networks. The proposed STL-based IDS effectively detects a broad spectrum of intrusions while maintaining acceptable overhead for resource-constrained ECUs, thanks to its distributed architecture. Comprehensive experimental evaluations demonstrate significant performance improvements in detecting Denial of Service (DoS) attacks, achieving the highest accuracy of 0.996 and recall of 1.000. The system also excels in detecting fuzzy attacks, with the highest accuracy of 0.996.

Conference Object
Citation - Scopus: 3
Security Through Digital Twin-Based Intrusion Detection: A SwaT Dataset Analysis
(Institute of Electrical and Electronics Engineers Inc., 2023-10-18) Bozdal, Mehmet
Digital twin, as a virtual replica of physical entity, offer valuable insights into Industrial Control System (ICS) behavior and characteristics. Leveraging the convergence of digital twins and cybersecurity, this research explores its role in securing critical infrastructure, using the Secure Water Treatment (SWaT) system as a case study. Existing intrusion detection systems (IDS) for SWaT encounter challenges related to requiring huge amounts of a dataset for training, being unable to adopt high data dimensionality, and adaptability to emerging threats. To address these issues, a hybrid digital twin model is proposed, combining physics-based models and data-driven approaches. This model facilitates precise attack localization and explainable IDS outcomes. The method exhibits promising capabilities for enhancing critical infrastructure security and adapting to evolving cyber threats. Experimental results demonstrate the ability to detect eight out of nine attack types. © 2024 Elsevier B.V., All rights reserved.

Article
Citation - WoS: 63
Citation - Scopus: 107
Research Article Energy Consumption of On-Device Machine Learning Models for IoT Intrusion Detection
(Elsevier, 2023-04) Tekin, Nazli; Acar, Abbas; Aris, Ahmet; Uluagac, A. Selcuk; Gungor, Vehbi Cagri
Recently, Smart Home Systems (SHSs) have gained enormous popularity with the rapid development of the Internet of Things (IoT) technologies. Besides offering many tangible benefits, SHSs are vulnerable to attacks that lead to security and privacy concerns for SHS users. Machine learning (ML)-based Intrusion Detection Systems (IDS) are proposed to address such concerns. Conventionally, ML models are trained and tested on computationally powerful platforms such as cloud services. Nevertheless, the data shared with the cloud is vulnerable to privacy attacks and causes latency, which decreases the performance of real-time applications like intrusion detection systems. Therefore, on-device ML models, in which the user data is kept locally, have emerged as promising solutions to ensure the security and privacy of the data for real-time applications. However, performing ML tasks requires high energy consumption. To the best of our knowledge, no study has been conducted to analyze the energy consumption of ML-based IDS. Therefore, in this paper, we perform a comparative analysis of on-device ML algorithms in terms of energy consumption for IoT intrusion detection applications. For a thorough analysis, we study the training and inference phases separately. For training, we compare the cloud computing-based ML, edge computing-based ML, and IoT device-based ML approaches. For the inference, we evaluate the TinyML approach to run the ML algorithms on tiny IoT devices such as Micro Controller Units (MCUs). Comparative performance evaluations show that deploying the Decision Tree (DT) algorithm on-device gives better results in terms of training time, inference time, and power consumption.

Article
Citation - Scopus: 6
Network Intrusion Detection Based on Machine Learning Strategies: Performance Comparisons on Imbalanced Wired, Wireless, and Software-Defined Networking (SDN) Network Traffics
(Turkiye Klinikleri, 2024-07-26) Hacilar, Hilal; Aydin, Zafer; Güngör, Vehbi Çağrı
The rapid growth of computer networks emphasizes the urgency of addressing security issues. Organizations rely on network intrusion detection systems (NIDSs) to protect sensitive data from unauthorized access and theft. These systems analyze network traffic to detect suspicious activities, such as attempted breaches or cyberattacks. However, existing studies lack a thorough assessment of class imbalances and classification performance for different types of network intrusions: wired, wireless, and software-defined networking (SDN). This research aims to fill this gap by examining these networks’ imbalances, feature selection, and binary classification to enhance intrusion detection system efficiency. Various techniques such as SMOTE, ROS, ADASYN, and SMOTETomek are used to handle imbalanced datasets. Additionally, eXtreme Gradient Boosting (XGBoost) identifies key features, and an autoencoder (AE) assists in feature extraction for the classification task. The study evaluates datasets such as AWID, UNSW, and InSDN, yielding the best results with different numbers of selected features. Bayesian optimization fine-tunes parameters, and diverse machine learning algorithms (SVM, kNN, XGBoost, random forest, ensemble classifiers, and autoencoders) are employed. The optimal results, considering F1-measure, overall accuracy, detection rate, and false alarm rate, have been achieved for the UNSW-NB15, preprocessed AWID, and InSDN datasets, with values of [0.9356, 0.9289, 0.9328, 0.07597], [0.997, 0.9995, 0.9999, 0.0171], and [0.9998, 0.9996, 0.9998, 0.0012], respectively. These findings demonstrate that combining Bayesian optimization with oversampling techniques significantly enhances classification performance across wired, wireless, and SDN networks when compared to previous research conducted on these datasets. © 2024 Elsevier B.V., All rights reserved.

Article
Citation - WoS: 53
Citation - Scopus: 70
Machine Learning-Based Intrusion Detection for Achieving Cybersecurity in Smart Grids Using IEC 61850 Goose Messages
(MDPI, 2021-05-08) Ustun, Taha Selim; Hussain, S. M. Suhail; Ulutas, Ahsen; Onen, Ahmet; Roomi, Muhammad M.; Mashima, Daisuke; Suhail Hussain, S.M.
Increased connectivity is required to implement novel coordination and control schemes. IEC 61850-based communication solutions have become popular due to many reasons-object-oriented modeling capability, interoperable connectivity and strong communication protocols, to name a few. However, communication infrastructure is not well-equipped with cybersecurity mechanisms for secure operation. Unlike online banking systems that have been running such security systems for decades, smart grid cybersecurity is an emerging field. To achieve security at all levels, operational technology-based security is also needed. To address this need, this paper develops an intrusion detection system for smart grids utilizing IEC 61850's Generic Object-Oriented Substation Event (GOOSE) messages. The system is developed with machine learning and is able to monitor the communication traffic of a given power system and distinguish normal events from abnormal ones, i.e., attacks. The designed system is implemented and tested with a realistic IEC 61850 GOOSE message dataset under symmetric and asymmetric fault conditions in the power system. The results show that the proposed system can successfully distinguish normal power system events from cyberattacks with high accuracy. This ensures that smart grids have intrusion detection in addition to cybersecurity features attached to exchanged messages.

Article
Citation - WoS: 13
Citation - Scopus: 15
Comparative Analysis of Dimensionality Reduction Techniques for Cybersecurity in the SwaT Dataset
(Springer, 2023-07-08) Bozdal, Mehmet; Ileri, Kadir; Ozkahraman, Ali
The Internet of Things (IoT) has revolutionized the functionality and efficiency of distributed cyber-physical systems, such as city-wide water treatment systems. However, the increased connectivity also exposes these systems to cybersecurity threats. This research presents a novel approach for securing the Secure Water Treatment (SWaT) dataset using a 1D Convolutional Neural Network (CNN) model enhanced with a Gated Recurrent Unit (GRU). The proposed method outperforms existing methods by achieving 99.68% accuracy and an F1 score of 98.69%. Additionally, the paper explores dimensionality reduction methods, including Autoencoders, Generalized Eigenvalue Decomposition (GED), and Principal Component Analysis (PCA). The research findings highlight the importance of balancing dimensionality reduction with the need for accurate intrusion detection. It is found that PCA provided better performance compared to the other techniques, as reducing the input dimension by 90.2% resulted in only a 2.8% and 2.6% decrease in the accuracy and F1 score, respectively. This study contributes to the field by addressing the critical need for robust cybersecurity measures in IoT-enabled water treatment systems, while also considering the practical trade-off between dimensionality reduction and intrusion detection accuracy.

Article
Citation - WoS: 47
Citation - Scopus: 68
Artificial Intelligence Based Intrusion Detection System for IEC 61850 Sampled Values Under Symmetric and Asymmetric Faults
(IEEE-Inst Electrical Electronics Engineers Inc, 2021) Ustun, Taha Selim; Hussain, S. M. Suhail; Yavuz, Levent; Onen, Ahmet
Modern power systems require increased connectivity to implement novel coordination and control schemes. Wide-spread use of information technology in smartgrid domain is an outcome of this need. IEC 61850-based communication solutions have become popular due to a myriad of reasons. Object-oriented modeling capability, interoperable connectivity and strong communication protocols are to name a few. However, power system communication infrastructure is not well-equipped with cybersecurity mechanisms for safe operation. Unlike online banking systems that have been running such security systems for decades, smartgrid cybersecurity is an emerging field. A recent publication aimed at equipping IEC 61850-based communication with cybersecurity features, i.e. IEC 62351, only focuses on communication layer security. To achieve security at all levels, operational technology-based security is also needed. To address this need, this paper develops an intrusion detection system for smartgrids utilizing IEC 61850's Sampled Value (SV) messages. The system is developed with machine learning and is able to monitor communication traffic of a given power system and distinguish normal data measurements from falsely injected data, i.e. attacks. The designed system is implemented and tested with realistic IEC 61850 SV message dataset. Tests are performed on a Modified IEEE 14-bus system with renewable energy-based generators where different fault are applied. The results show that the proposed system can successfully distinguish normal power system events from cyberattacks with high accuracy. This ensures that smartgrids have intrusion detection in addition to cybersecurity features attached to exchanged messages.
