6 results on '"Fernández Maimó, Lorenzo"'
Search Results
2. An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios.
- Author
- Perales Gómez, Ángel Luis, Fernández Maimó, Lorenzo, Huertas Celdrán, Alberto, and García Clemente, Félix J.
- Subjects
- ANOMALY detection (Computer security), INTRUSION detection systems (Computer security), CYBERTERRORISM, DEEP learning, MACHINE learning, SUPERVISED learning
- Abstract
When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black‐box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi‐supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi‐supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and an F1‐score of 0.9711. [ABSTRACT FROM AUTHOR]
- Published
- 2023
3. 31 Review of MADICS: A Methodology for Anomaly Detection in Industrial Control Systems
- Author
- Perales Gómez, Ángel Luis, Fernández Maimó, Lorenzo, Huertas Celdrán, Alberto, and García Clemente, Félix J.
- Subjects
- critical infrastructures, machine learning, industrial control systems, deep learning, anomaly detection
- Abstract
Diverse cyberattack detection systems have been proposed over the years in the context of Industrial Control Systems (ICS). However, the lack of standard methodologies to detect cyberattacks in industrial scenarios prevents researchers from accurately comparing proposals and results. In this work, we present MADICS, a methodology to detect cyberattacks in industrial scenarios that intends to be a guideline for future works in the field. In order to validate MADICS, we used the popular SWaT dataset, which was collected from a fully operational water treatment plant. The experiments showed that following MADICS, we achieved state-of-the-art precision of 0.984, as well as a recall of 0.750 and F1-score of 0.851, above the average of other works, proving that the proposed methodology is suitable to be used in real industrial scenarios.
- Published
- 2021
4. SafeMan: A unified framework to manage cybersecurity and safety in manufacturing industry.
- Author
- Perales Gómez, Ángel Luis, Fernández Maimó, Lorenzo, Huertas Celdrán, Alberto, García Clemente, Félix J., Gil Pérez, Manuel, and Martínez Pérez, Gregorio
- Subjects
- INDUSTRIAL safety, INTRUSION detection systems (Computer security), INDUSTRIAL controls manufacturing, MANUFACTURING processes, DEEP learning, MANUFACTURING industries
- Abstract
Summary: Industrial control systems (ICS) are considered cyber‐physical systems that join both cyber and physical worlds. Due to their tight interaction, where humans and robots co‐work and co‐inhabit in the same workspaces and production lines, cyber‐attacks targeting ICS can alter production processes and even bypass safety procedures. As an example, these cyber‐attacks could interrupt physical industrial processes and cause potential injuries to workers. In this article, we present SafeMan, a unified management framework based on the Edge Computing paradigm that provides high‐performance applications for the detection and mitigation of both cyber‐attacks and safety threats in industrial scenarios. Three use cases show specific threats in manufacturing as well as the SafeMan actions carried out to detect and mitigate them. In order to validate our proposal, a pool of experiments was performed with Electra, an industrial dataset with normal network traffic and different cyber‐attacks by using a given number of Modbus TCP and S7Comm devices. The experiments measured the runtime performance of anomaly detection techniques based on machine learning and deep learning to detect cyber‐attacks in control networks. The experimental results show that Neural Networks report the best performance, being able to examine 217 feature vectors per second over Electra, and therefore demonstrating that it can be used as detection model for SafeMan in real scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2021
5. VAASI: Crafting valid and abnormal adversarial samples for anomaly detection systems in industrial scenarios.
- Author
- Perales Gómez, Angel Luis, Fernández Maimó, Lorenzo, Huertas Celdrán, Alberto, and García Clemente, Félix J.
- Subjects
- ANOMALY detection (Computer security), DEEP learning, ARTIFICIAL intelligence, RANDOM forest algorithms, INTERNET security
- Abstract
In the realm of industrial anomaly detection, machine and deep learning models face a critical vulnerability to adversarial attacks. In this context, existing attack methodologies primarily target continuous features, often in the context of images, making them unsuitable for the categorical or discrete features prevalent in industrial systems. To fortify the cybersecurity of industrial environments, this paper introduces a groundbreaking adversarial attack approach tailored to the unique demands of these settings. Our novel technique enables the creation of targeted adversarial samples that are valid within the framework of supervised cyberattack detection models in industrial scenarios, preserving the consistency of discrete values and correcting cases where an adversarial sample transitions into a normal one. Our approach leverages the SHAP interpretability method to identify the most salient features for each sample. Subsequently, the Projected Gradient Descent technique is employed to perturb continuous features, ensuring adversarial sample generation. To handle categorical features for a specific adversarial sample, our method scrutinizes the closest sample within the normal training dataset and replicates its categorical feature values. Additionally, Decision Trees trained within a Random Forest are utilized to ensure that the resulting adversarial samples maintain the essential abnormal behavior required for detection. The validation of our proposal was conducted using the WADI dataset obtained from a water distribution plant, providing a realistic industrial context. During validation, we assessed the mean error and the total number of adversarial samples generated by our approach, comparing it with the original Projected Gradient Descent method and the Carlini & Wagner attack across various parameter configurations. Remarkably, our proposal consistently achieved the best trade-off between mean error and the number of generated adversarial samples, showcasing its superiority in safeguarding industrial systems. [ABSTRACT FROM AUTHOR]
- Published
- 2023
6. MADICS: A Methodology for Anomaly Detection in Industrial Control Systems.
- Author
- Perales Gómez, Ángel Luis, Fernández Maimó, Lorenzo, Huertas Celdrán, Alberto, and García Clemente, Félix J.
- Subjects
- ANOMALY detection (Computer security), WATER treatment plants, SUPERVISED learning, DEEP learning, MACHINE learning, CYBERTERRORISM, FEATURE extraction
- Abstract
Industrial Control Systems (ICSs) are widely used in critical infrastructures to support the essential services of society. Therefore, their protection against terrorist activities, natural disasters, and cyber threats is critical. Diverse cyber attack detection systems have been proposed over the years, in which each proposal has applied different steps and methods. However, there is a significant gap in the literature regarding methodologies to detect cyber attacks in ICS scenarios. The lack of such methodologies prevents researchers from being able to accurately compare proposals and results. In this work, we present a Methodology for Anomaly Detection in Industrial Control Systems (MADICS) to detect cyber attacks in ICS scenarios, which is intended to provide a guideline for future works in the field. MADICS is based on a semi-supervised anomaly detection paradigm and makes use of deep learning algorithms to model ICS behaviors. It consists of five main steps, focused on pre-processing the dataset to be used with the machine learning and deep learning algorithms; performing feature filtering to remove those features that do not meet the requirements; feature extraction processes to obtain higher order features; selecting, fine-tuning, and training the most appropriate model; and validating the model performance. In order to validate MADICS, we used the popular Secure Water Treatment (SWaT) dataset, which was collected from a fully operational water treatment plant. The experiments demonstrate that, using MADICS, we can achieve a state-of-the-art precision of 0.984 (as well as a recall of 0.750 and F1-score of 0.851), which is above the average of other works, proving that the proposed methodology is suitable for use in real ICS scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2020
Discovery Service for Jio Institute Digital Library