Abstract

     Today, industry 4.0 is becoming a major target for cybercriminals due to its hyper-connectivity. Fortunately, there are several advanced means of securing industrial systems such as Intrusion Detection Systems (IDS). However, one of the main limitations of industrial IDS is the high rate of false positives and how to distinguish a real attack from an industrial failure. This paper deals precisely with the two latter points and proposes a way to reduce the rate of false positives and to distinguish attacks from industrial failures. The proposed approach combines two kinds of IDS using Neural Network (NN) through a Decision Making System (DMS). It was tested on a real industrial environment. The performance results are promising with a high percentage of accuracy and a low false positive rate.

Introduction

     Nowadays, Industrial Control Systems (ICS) exist in many different industrial sectors such as meatpacking, chemistry, construction, automotive, electronics industry. But also in vital industrial sectors such as energy, health, military and food sectors. Therefore, the suspension or the stopping of these systems could be costly for industrialists and cause consequent damage. Today, securing such equipment becomes more than necessary. Over the past decade, industry has become the center of attackers’ focus and has been the victim of several attacks starting with Stuxnet, Black Energy, WannaCry. This wave of attacks has been succeeded by several ransomware attacks in 2020 during the coronavirus pandemic, especially with the increase in the number of remote workers and a lack of security in this new working model [1]. Kaspersky’s ICS CERT researchers forecast a list of attacks likely to target industries in 2023 [2]. Among these attacks are phishing pages and emails, Torjans, N-day vulnerabilities, attacks on cloud services, exploiting vulnerabilities in legitimate software, the spread of malware via removable media …

This cyber-criminality phenomenon is favored with the emergence of the industry 4.0. This 4th industrial revolution is characterized by the convergence of the worlds of Information Technology (IT) and Operation Technology (OT), the huge amount of generated data, the use of Cloud as new storage means. All these reasons increase the risk of cyber attacks in industry.

Fortunately, there are several solutions to secure the industry and its equipment. Among these mechanisms, we mention firewalls, anti-virus, auditing processes and IDS. Each of these securing mechanisms has a specific role such as detecting and removing malware, preventing unauthorized access or detecting intrusions by IDS. These latter give visibility to the system’s activities, which allows a timely detection and response to any suspicious events [3], [4].

Conclusions

     BIANO-IDS is a new intrusion detection approach combining two kinds of IDS: anomaly-based IDS and specification-based IDS. The approach has been tested on a real environment and the detection accuracy rate is high in addition to the different performance metrics. However, to further improve performance metrics, we intend to explore other traces such as system logs and apply reduction or selection features methods in the future to improve the computation and training time of neural networks.